obronablockads.exe

Obrona Block Ads

Red Sky Sp. z o.o.

The application obronablockads.exe by Red Sky Sp. z o.o. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 9880 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program OBRONA BlockAds by Red Sky LLC. While running, it connects to the Internet address md5.hackerwatch.org on port 80 using the HTTP protocol.
Publisher:
RedSky Sp. z o.o.  (signed by Red Sky Sp. z o.o.)

Product:
Obrona Block Ads

Version:
1.1.31

MD5:
1a8fa32ac03776012df0a73d18dcb393

SHA-1:
7bcf5b59fb9edb9a30bcb939e95410d7dff868e1

SHA-256:
3607940517d469f3e87e6b69555510f8530fe1232e51f51e6559ada13f50254d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 1:21:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.RedSkySpzoo.O

Engine version:
14.10.21.11

File size:
1.4 MB (1,509,336 bytes)

Product version:
1.0

Copyright:
RedSky Sp. z o.o.

Original file name:
ObronaBlockAds

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\obrona block ads\obronablockads.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/28/2014 1:00:00 AM

Valid to:
3/29/2015 12:59:59 AM

Subject:
CN=Red Sky Sp. z o.o., OU=Red Sky, O=Red Sky Sp. z o.o., POBox=71-064, STREET=Aleja Piastow 22, L=Szczecin, S=zachodniopomorskie, PostalCode=71-064, C=PL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AF74AE06E658887C8B6B42539F3FA758

File PE Metadata
Compilation timestamp:
10/16/2014 2:18:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:jER/8fF29hJngWXda4v8SmHSSZ4XcTMMrT:4NfHVgWNlvUlZ4XuT

Entry address:
0x7B0B9

Entry point:
E8, A5, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D0, 3B, 55, 00, 89, 0D, CC, 3B, 55, 00, 89, 15, C8, 3B, 55, 00, 89, 1D, C4, 3B, 55, 00, 89, 35, C0, 3B, 55, 00, 89, 3D, BC, 3B, 55, 00, 66, 8C, 15, E8, 3B, 55, 00, 66, 8C, 0D, DC, 3B, 55, 00, 66, 8C, 1D, B8, 3B, 55, 00, 66, 8C, 05, B4, 3B, 55, 00, 66, 8C, 25, B0, 3B, 55, 00, 66, 8C, 2D, AC, 3B, 55, 00, 9C, 8F, 05, E0, 3B, 55, 00, 8B, 45, 00, A3, D4, 3B, 55, 00, 8B, 45, 04, A3, D8, 3B, 55, 00, 8D, 45, 08, A3, E4, 3B, 55...

Packer / compiler:
PEQuake V0.06

Code size:
533 KB (545,792 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:9880/

Local host port:
9880

Default credentials:
No

The file obronablockads.exe has been discovered within the following program.

OBRONA BlockAds  by Red Sky LLC
blockads.obrona.org/contact.html
About 6% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to md5.hackerwatch.org  (161.69.13.35:80)