dc535.exe

BrowserAir (GOOBZO LTD)

The application dc535.exe by BrowserAir (GOOBZO) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler. While running, it connects to the Internet address server-54-230-38-120.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
BrowserAir (GOOBZO LTD)  (signed and verified)

Version:
2.11.0.999

MD5:
abce0e08663095982c6ef103da585814

SHA-1:
27e3c8b861dd597f670249886e4ba5ef89611a05

SHA-256:
370c0130f45839c410e48d013ff30986d3eb71fe56c80bfec91e36cfb4fb2bb9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
4/16/2024 10:40:20 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Goobzo (M)

Engine version:
15.8.6.0

File size:
2.4 MB (2,551,192 bytes)

Product version:
2.11.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\installer\install_30214\dc535.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/10/2015 4:00:00 PM

Valid to:
2/11/2016 3:59:59 PM

Subject:
CN=BrowserAir (GOOBZO LTD), O=BrowserAir (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B4F9A8B40F303C8AAD1D77B2A2B4674

File PE Metadata
Compilation timestamp:
8/4/2015 11:58:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:8oMQjBBQzchv+3VWpH1Dsjy5YVUqrUD+zXrUoJS/JRW116dR5JZ+1p9:8oVykAjBVUqAWES6d7O1p9

Entry address:
0x4EEB0A

Entry point:
9C, 9C, 66, C7, 04, 24, 3A, 9B, 60, C7, 44, 24, 24, 7B, 28, 8D, F9, 9C, E9, 09, 29, E2, FF, 63, 0D, 4A, D3, A9, 1A, 25, F2, 14, 92, 12, 9D, 8E, 96, 37, D1, FE, 16, DB, C2, 70, E4, CD, 87, 24, 0C, BA, AB, AB, C1, E9, 7E, 2D, 4E, 1E, D0, 75, 75, B3, AD, B0, A2, 86, 7F, 24, B5, 26, DF, FE, 08, 18, F8, 15, B7, 75, E2, A0, 77, EF, BF, CC, 71, 10, 41, 6D, 0D, 47, D2, 34, BC, DB, 99, 27, 2C, 46, D1, 50, 60, C4, 5D, A2, 4C, 02, A8, 51, 9F, 92, A4, B7, 3F, 97, 7C, 14, FF, 60, 0A, 60, 30, 2F, CA, B7, B8, E8, 89, 45...

Entropy:
7.9049  (probably packed)

Code size:
549.5 KB (562,688 bytes)

Scheduled Task
Task name:
Inst_Rep

Trigger:
Registration (Runs on registration)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-38-120.jfk1.r.cloudfront.net  (54.230.38.120:80)

TCP (HTTP):
Connects to server-205-251-251-142.jfk5.r.cloudfront.net  (205.251.251.142:80)

Remove dc535.exe - Powered by Reason Core Security