contentexplorerinstaller.exe

Installer

Application Genius, LLC

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application contentexplorerinstaller.exe by Application Genius has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer and is typically executed from the user's temporary directory. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Application Genius, LLC  (signed and verified)

Product:
Installer

Version:
1.0.0.0

MD5:
04d9871b6a0752602b9d3e2899804bad

SHA-1:
a93300860d8e84217891be0947354fa10796e927

SHA-256:
ff205c47631a3216fd7a601f178664a7f7cb48a747eb938d5887dedb9729aa64

Scanner detections:
5 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 7:37:48 AM UTC

Scan engine        Detection                                Engine version
AVG                Generic                                  2016.0.3183
ESET NOD32         MSIL/Adware.iBryte (variant)             9.11252
Reason Heuristics  PUP.Installer.Adknowledge                15.3.2.0
Sophos             PUA 'iBryte Desktop' (of type Adware)    5.11
VIPRE Antivirus    Threat.4798837                           37788

File size:
901.6 KB (923,208 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
ContentExplorer2Install.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\contentexplorerinstaller.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/30/2014 9:32:38 PM

Valid to:
12/29/2016 6:07:38 PM

Subject:
CN="Application Genius, LLC", O="Application Genius, LLC", L=Walnut, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
629B575CD8F3186B

File PE Metadata
Compilation timestamp:
3/1/2015 2:00:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:ScuMxDs1/b5vY9eDwGeROk3KfZtnxLEPyV:ScuMxI1tQ9eDwJDaRhmu

Entry address:
0xDFACA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
887 KB (908,288 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
