QQBrowser.exe

QQ浏览器

Tencent Technology(Shenzhen) Company Limited

This file is installed with multiple programs including aartemis Browser Protecter.
Publisher:
Tencent Inc.  (signed by Tencent Technology(Shenzhen) Company Limited)

Product:
QQ浏览器

Version:
7.3.11251.400

MD5:
2eee15b1927eadff45013e94b0cb0d94

SHA-1:
2a800e15660442227aed7bfab7152d812d67c488

SHA-256:
6b9793bf661fe521ea72e57414a402d48ec233aeeb81a90523ff2fa275961c51

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/23/2024 12:28:02 PM UTC

Scan engine:
Rising Antivirus

Detection:
PE:Malware.XPACK/RDM!5.1

Engine version:
23.00.65.131210

File size:
128.6 KB (131,640 bytes)

Product version:
7, 3, 11251, 400

Copyright:
Copyright © 2013 Tencent. All Rights Reserved.

Original file name:
QQBrowser.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\qqbrowser.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/16/2013 4:00:00 PM

Valid to:
2/16/2016 3:59:59 PM

Subject:
CN=Tencent Technology(Shenzhen) Company Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tencent Technology(Shenzhen) Company Limited, L=shenzhen, S=guangdong, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7170BD93CF3F189AE6452B514C49340E

File PE Metadata
Compilation timestamp:
7/3/2013 9:43:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:iaW/zxLRLfCcC6PAM2e9Qh1aVP9JskntHx:iaWtVfCc7zZCaWknt

Entry address:
0x1996

Entry point:
57, 6A, 00, 6A, 00, 6A, 01, 6A, 00, FF, 15, 9C, 30, BC, 50, 68, C8, 34, BC, 50, FF, 15, 58, 30, BC, 50, FF, 15, 5C, 30, BC, 50, 6A, 00, 8B, F8, FF, 15, 54, 30, BC, 50, 50, 8B, CF, E8, 12, 00, 00, 00, 25, FF, 0F, 00, 00, 0D, 00, A0, BF, 29, 50, FF, 15, 60, 30, BC, 50, CC, 55, 8B, EC, 83, E4, F8, 81, EC, 34, 01, 00, 00, A1, 00, 40, BC, 50, 33, C4, 89, 84, 24, 30, 01, 00, 00, 8B, 45, 08, 53, 56, 89, 44, 24, 08, A1, 80, 43, BC, 50, 0B, 05, 84, 43, BC, 50, 57, 8B, F9, 89, 7C, 24, 1C, 0F, 85, F4, 00, 00, 00, 38...
 

Entropy:
6.2892

Code size:
5.5 KB (5,632 bytes)

The file QQBrowser.exe has been discovered within the following programs.

aartemis Browser Protecter  by Tencent Technology(Shenzhen) Company Limited
aartemis Browser Protecter is a potentially unwanted web browser extension that is ad-supported and will display various popup and banner ads as well as modify the user's web browser search and home page settings.
56% remove it
Awesomehp is an adware (advertising supported) web browser application that is designed to display banner ads as well as contextual link ads (such as hyperlinks the user will see underlined).
82% remove it
awesomehp uninstaller  by Awesomehp
This is a homepage and search web browser hijacker that will redirect searches to Awesomehp.com as well as set the user's homepage to Awesomehp.com. In addition, it adds a shortcut to the user's desktop.
www.awesomehp.com/newtab
87% remove it
nationzoom Browser Protecter  by Skytech Co., Ltd.
nationzoom Browser Protecter injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links and some popup/popunder ads.
85% remove it
Sweet Page  by Sweet-page.com
SweetPage is a web browser hijacker that once installed will modify the user's Internet browser homepage and search provider to sweet-page.com (or a partner site). The toolbar/extension is typically bundled with 3rd party download managers. Sweet-page.
www.sweet-page.com
64% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

