dcbrakieamo_amobl_setup.exe

BrowserAir (GOOBZO LTD)

The application dcbrakieamo_amobl_setup.exe by BrowserAir (GOOBZO LTD) has been flagged as adware by 1 of 68 scanners. That single detection comes from the Reason Heuristics engine (PUP.Goobzo.Installer), a heuristic verdict based on the installer's behaviour rather than a signature match by a third-party anti-malware engine. This is a setup and installation application that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. While running, it connects over plain HTTP (port 80) to two Amazon CloudFront edge nodes, server-54-230-38-240.jfk1.r.cloudfront.net and server-54-230-36-226.jfk1.r.cloudfront.net. The binary carries a valid Authenticode signature from GOOBZO LTD; a valid signature identifies the publisher and shows the file has not been altered since signing, but it says nothing about whether the software it installs is wanted.
Publisher:
BrowserAir (GOOBZO LTD)  (signed and verified)

Version:
2.11.0.999

MD5:
2e8f0e86dcc3f0b5b4db41a7bb0d9077

SHA-1:
44790ade266c9592533ac9573849a9c2a75f7d0f

SHA-256:
e5635bfa9e59a8c86ffbf9e0368546215fefe530bb039df636df39d6e3abab52

Scanner detections:
1 / 68

Status:
Adware

Note:
None of the third-party anti-malware engines in our current pool detects this file; the single detection is our own heuristic engine, which classifies the installer as unwanted.

Analysis date:
4/26/2024 8:35:59 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Goobzo.Installer (M)

Engine version:
15.8.8.7

File size:
2.3 MB (2,364,824 bytes)

Product version:
2.11.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dcbrakieamo_amobl_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/10/2015 6:00:00 PM

Valid to:
2/11/2016 5:59:59 PM

Subject:
CN=BrowserAir (GOOBZO LTD), O=BrowserAir (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B4F9A8B40F303C8AAD1D77B2A2B4674

File PE Metadata
Compilation timestamp:
8/7/2015 1:55:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:kA/X+hVXNxxUe1IaS6pYNp3x9UVlKjHfgPXZGEQnhjM4cwiBYIOog:KXxUeWaSF3nMKjHf+pmhjM4crOog

Entry address:
0x2E4240

Entry point:
E8, DF, 09, 20, 00, 24, 4F, 0E, 4F, 81, 87, 7E, 43, 42, 1E, 73, AE, 1A, 3D, 97, 33, 54, 9C, 89, FC, 6B, 6D, 7A, 52, A7, 02, A2, CD, 4C, C1, 50, BD, DE, DD, 81, 68, E9, 9E, 64, 9B, 1A, 67, 3A, 81, 0E, 6E, 72, D7, 31, E0, 4A, B5, D8, 92, EB, D7, DD, D2, 6E, 52, BF, 02, BE, 02, AC, 5D, 78, DE, 48, 3D, 3C, DD, 6C, 95, A8, 8D, BE, C1, D5, B2, 37, 8A, 31, 8E, 0A, 6D, C0, 2E, A4, 06, B3, 55, 04, 2F, 91, A3, 84, 33, 54, 5B, 5C, 65, 5B, D9, F7, 6D, 6B, 9D, 2B, 2D, 43, F7, 98, F0, E4, A2, D4, 0A, ED, 12, 6B, 5F, 61...

Entropy:
7.8973  (probably packed)

Code size:
549.5 KB (562,688 bytes)
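The hashes, file size and entropy above are the values a responder needs to confirm that a file pulled from a user's %TEMP% is this sample. The following triage helper is an added example, not code from the Reason Core Security page or from GOOBZO: it hashes a blob with the three algorithms the report lists, computes the whole-file Shannon entropy that the "probably packed" verdict is based on, and reports whether the result matches the indicators on this page. The PACKED_THRESHOLD of 7.0 bits/byte is an assumption (a common rule of thumb, not a value the report states), and the zero-filled and random buffers in the main block are constructed inputs.

```python
# Added triage helper (example code, not part of the Reason Core Security page):
# hashes a candidate file, computes its byte entropy, and checks both against
# the indicators in the report above.
import hashlib
import math
from collections import Counter

# Indicators copied from the report above.
KNOWN_HASHES = {
    "md5": "2e8f0e86dcc3f0b5b4db41a7bb0d9077",
    "sha1": "44790ade266c9592533ac9573849a9c2a75f7d0f",
    "sha256": "e5635bfa9e59a8c86ffbf9e0368546215fefe530bb039df636df39d6e3abab52",
}
KNOWN_SIZE = 2364824       # 2.3 MB as listed
KNOWN_ENTROPY = 7.8973     # whole-file entropy as listed

# Assumption: whole-file Shannon entropy above ~7.0 bits/byte is a common
# heuristic for packed or compressed content. It is a hint, not proof.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single repeated byte, 8.0 max."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def file_hashes(data: bytes) -> dict:
    """Hex digests in the three algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def triage(data: bytes, known_hashes: dict = KNOWN_HASHES) -> dict:
    """Compare a blob against the report: hash match, size and entropy.

    Any single hash hit counts as a match. SHA-256 is the one to trust;
    MD5 is kept only because older reports and feeds still index on it.
    """
    hashes = file_hashes(data)
    matched = sorted(alg for alg, h in hashes.items() if known_hashes.get(alg) == h)
    ent = shannon_entropy(data)
    return {
        "hashes": hashes,
        "matched_algorithms": matched,
        "known_sample": bool(matched),
        "size": len(data),
        "size_matches_report": len(data) == KNOWN_SIZE,
        "entropy": round(ent, 4),
        "probably_packed": ent > PACKED_THRESHOLD,
    }


def triage_file(path: str) -> dict:
    """Run triage() over a file on disk, e.g. a copy pulled from %TEMP%."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    import os
    import sys

    if len(sys.argv) > 1:
        print(triage_file(sys.argv[1]))
    else:
        # Constructed inputs: a zero-filled buffer (entropy 0.0) and random
        # bytes (entropy close to 8.0, so flagged as probably packed).
        for label, blob in (("zeros", bytes(4096)), ("random", os.urandom(4096))):
            print(label, triage(blob))
```

A SHA-256 hit settles identity; an entropy near the listed 7.8973 without a hash hit only tells you the file is packed or compressed, which is equally true of many legitimate installers, so treat it as a reason to look closer rather than as a verdict. On Windows, Get-AuthenticodeSignature on the file gives the signer certificate whose serial number can be compared against the one in the Digital Signature section below.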

The executing file has been seen to make the following network communications in live environments. Both hosts are Amazon CloudFront edge nodes (the server-<ip>.jfk1.r.cloudfront.net naming is CloudFront's), which serve many unrelated customers, so the IP addresses and hostnames below are weak indicators on their own; the HTTP Host header or URL path requested would identify the actual distribution, and neither is recorded here.

TCP (HTTP):
Connects to server-54-230-38-240.jfk1.r.cloudfront.net  (54.230.38.240:80)

TCP (HTTP):
Connects to server-54-230-36-226.jfk1.r.cloudfront.net  (54.230.36.226:80)

Remove dcbrakieamo_amobl_setup.exe - Powered by Reason Core Security