dcbrakieamo_amobl_setup.exe

BrowserAir (GOOBZO LTD)

The application dcbrakieamo_amobl_setup.exe by BrowserAir (GOOBZO) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
BrowserAir (GOOBZO LTD)  (signed and verified)

Version:
2.10.0.999

MD5:
71a1c927d997e3b4b8fa2d22100dbd29

SHA-1:
529d6526393f4f3a5d2b6028a870991411bccd56

SHA-256:
48da5c8b52c1709cf6b81348bb153c0bed279a37ec30fca7d64a8ac1f9251f22

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/21/2024 11:10:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Goobzo (M)

Engine version:
16.7.29.9

File size:
2.2 MB (2,281,368 bytes)

Product version:
2.10.0.999

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\installer\install_8366\dcbrakieamo_amobl_setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/10/2015 6:00:00 PM

Valid to:
2/11/2016 5:59:59 PM

Subject:
CN=BrowserAir (GOOBZO LTD), O=BrowserAir (GOOBZO LTD), STREET="Bldg #15 Matam", L=Haifa, S=Haifa, PostalCode=31905, C=IL

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B4F9A8B40F303C8AAD1D77B2A2B4674

File PE Metadata
Compilation timestamp:
8/3/2015 1:55:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:DYF9Js+mTswhfPrnsaA6RdKL1Zk7odW3QgbWKv4Dylcmb:Dq9JpmRTsGR6Mongblgo

Entry address:
0x445EA9

Entry point:
E9, 21, 6D, 04, 00, 7F, DC, 6B, 41, B8, BB, 78, 75, 02, F6, AC, 5A, FE, AB, BA, FE, FA, 82, A2, E9, 15, 4F, B5, B5, 4D, 2F, CD, BE, 61, 7C, 4C, 12, F8, E6, 1E, BA, 45, E9, 1E, 5C, D0, 57, 99, CA, B0, 2E, D6, 72, 56, 8F, 37, 36, A7, 05, 60, 41, F1, 63, BB, 1B, F8, 56, 38, 7D, A3, 2A, 6E, 88, F1, 0C, 61, A0, D0, 58, 3C, F3, 1B, 48, BA, 79, EA, 74, 4E, 5C, 71, 4A, 45, 73, 8D, DA, 5D, E6, E5, 35, 1D, C2, F0, DA, 54, 31, 2A, 26, 27, 39, 67, FD, 57, 4A, 3B, 71, 2C, 70, 87, 34, 89, CD, B5, F8, 6F, 55, 77, 85, AA...
 

Entropy:
7.8802

Packer / compiler:
Xtreme-Protector v1.05

Code size:
548.5 KB (561,664 bytes)

Scheduled Task
Task name:
Inst_Rep

Trigger:
Registration (Runs on registration)

