» object browser-nova.exe
Overview
Analysis
File Details
Programs (1)
Network (4)

object browser-nova.exe

Goobzo LTD

The application object browser-nova.exe, “Object Browser exe” by Goobzo has been detected as adware by 35 anti-malware scanners. This file is typically installed with the program Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.

File name:

Publisher:

Object Browser (signed by Goobzo LTD)

Product:

Object Browser

Description:

Object Browser exe

Version:

1000.1000.1000.1000

MD5:

e07c111d498ef09ed05e0803778d601b

SHA-1:

877715cc2c757b4df8d4f9d259974d83b9ac29ca

SHA-256:

b24c196bdfa2b550ecdb5f8072fef4f34d1a1f63d4103338566a7a6b16561814

Scanner detections:

35 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/26/2024 12:11:32 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.19680

565

Agnitum Outpost

PUA.AdLoad

7.1.1

AhnLab V3 Security

PUP/Win32.Toolbar

2014.07.05

Avira AntiVirus

ADWARE/CrossRider.Gen2

7.11.163.176

avast!

Win32:Adware-gen [Adw]

2014.9-150719

AVG

Generic_r

2016.0.3043

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.15719

Bitdefender

Gen:Variant.Kazy.19680

1.0.20.1000

Bkav FE

W32.CrossRiderD.Adware

1.3.0.4959

Comodo Security

ApplicUnwnt

18690

Dr.Web

Trojan.Crossrider.27333

9.0.1.0200

Emsisoft Anti-Malware

Gen:Variant.Kazy.19680

8.15.07.19.07

ESET NOD32

Win32/Toolbar.CrossRider.AE (variant)

9.10048

Fortinet FortiGate

Riskware/Toolbar_CrossRider

7/19/2015

F-Prot

W32/A-7d811582

v6.4.7.1.166

F-Secure

Gen:Variant.Kazy.19680

11.2015-19-07_1

G Data

Win32.Application.Plush

15.7.24

IKARUS anti.virus

PUA.OptionalInst.Goobzo

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.178.12278

Kaspersky

not-a-virus:AdWare.Win32.AdLoad

14.0.0.1711

Malwarebytes

PUP.Optional.ObjectBrowser.A

v2015.07.19.07

McAfee

Artemis!873BBB429793

5600.6699

MicroWorld eScan

Gen:Variant.Kazy.19680

16.0.0.600

NANO AntiVirus

Riskware.Win32.AdLoad.dbihow

0.28.0.60253

Panda Antivirus

Trj/Genetic.gen

15.07.19.07

Qihoo 360 Security

Win32/Trojan.Adware.37e

1.0.0.1015

Reason Heuristics

PUP.Goobzo.ObjectBrowser (M)

15.7.19.19

Rising Antivirus

PE:Trojan.Win32.Generic.1703757D!386102653

23.00.65.15717

Sophos

AppRider

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

9743

Trend Micro House Call

TROJ_GEN.F47V0430

7.2.200

Trend Micro

ADW_RIDECROSS

10.465.19

Vba32 AntiVirus

AdWare.AdLoad

3.12.26.3

VIPRE Antivirus

Crossrider

30978

Zillya! Antivirus

Adware.CrossRider.Win32.141

2.0.0.1939

File size:

641.9 KB (657,264 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Object Browser.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\object browser\object browser-nova.exe

Digital Signature

Signed by:

Goobzo LTD

Authority:

Thawte, Inc.

Valid from:

5/1/2013 5:00:00 PM

Valid to:

5/2/2015 4:59:59 PM

Subject:

CN=Goobzo LTD, O=Goobzo LTD, L=Haifa, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

120B25DDE57B88636AD4D97D23B99C88

File PE Metadata

Compilation timestamp:

7/4/2014 3:05:18 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:R4EOj9LeT1HTNtKcVdXZVguCuETAaxBLeEIu9FzbefpT5Ut50K6:+EOj9yJvJg/9AQeEIwFzbeBTWtmK6

Entry address:

0x4B7A9

Entry point:

E8, 55, DF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, 6B, 48, 00, E8, E1, 4E, 00, 00, E8, 9D, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, E8, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 9D, 67, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.3517

Code size:

460.5 KB (471,552 bytes)

The file object browser-nova.exe has been discovered within the following program.

Object Browser by Object Browser

Object Browser is an adware style application that runs in the web browser as a toolbar and web extension.

66% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to tlb.hwcdn.net (69.16.175.42:80)

TCP (HTTP):

Connects to ip-50-63-202-55.ip.secureserver.net (50.63.202.55:80)

TCP (HTTP):

Connects to hwcdn.net (69.16.175.10:80)

TCP (HTTP SSL):

Connects to dal312.meraki.com (199.231.78.111:443)

Remove object browser-nova.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.