thebrowser.exe

TheBrowser

Goobzo

The application thebrowser.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program TheBrowser.
Publisher:
Goobzo

Product:
TheBrowser

Version:
44.4.9.7

MD5:
bd7cc7fcffdcb4e89ab0e534b82c2044

SHA-1:
6089c0d25bf3ca659a13480203a27c6269bd85e0

SHA-256:
3e4acc2509354e184e79c90d6f273bcfac66772821bc7e3f606be3d287e8c7f9

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
9/25/2017 9:41:56 PM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic.Goobzo.Meta

Engine version:
15.12.3.3

File size:
655.5 KB (671,232 bytes)

Product version:
44.4.9.7

Copyright:
Copyright 2014 Goobzo. All rights reserved.

Original file name:
__SP__browser_name__SP__.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\thebrowser\application\thebrowser.exe

File PE Metadata
Compilation timestamp:
11/25/2015 1:55:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:qVpQ1Q/Os43nrqaDgR9YgXlq3lld+4Z1ZYi3RYTZT+mHcJ/UPa:qV+X8IN/56V+//U

Entry address:
0x3C3DB

Entry point:
E8, 14, A8, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, 9B, 1D, 00, 00, 6A, 16, 5E, 89, 30, E8, 3A...

Entropy:
6.1782

Code size:
345 KB (353,280 bytes)

The file thebrowser.exe has been discovered within the following program.

TheBrowser by TheBrowser
About 4% of users remove it

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to server-52-85-63-100.lhr50.r.cloudfront.net  (52.85.63.100:80)

TCP (HTTP SSL):
Connects to server-54-230-163-94.jax1.r.cloudfront.net  (54.230.163.94:443)

TCP (HTTP):
Connects to server-54-192-98-248.arn1.r.cloudfront.net  (54.192.98.248:80)

TCP (HTTP SSL):
Connects to cache.google.com  (81.167.38.166:443)

TCP (HTTP):
Connects to whatsapp-cdn-shv-01-arn2.fbcdn.net  (31.13.72.52:80)

TCP (HTTP):
Connects to server-52-85-63-179.lhr50.r.cloudfront.net  (52.85.63.179:80)

TCP (HTTP SSL):
Connects to 81.167.36.210.static.lyse.net  (81.167.36.210:443)

TCP (HTTP SSL):
Connects to 81.167.36.209.static.lyse.net  (81.167.36.209:443)

TCP (HTTP SSL):
Connects to ad.e0.559e.ip4.static.sl-reverse.com  (158.85.224.173:443)

TCP (HTTP):
Connects to unallocated.barefruit.co.uk  (92.242.140.21:80)

TCP (HTTP):
Connects to server-54-192-55-210.jfk6.r.cloudfront.net  (54.192.55.210:80)

TCP (HTTP):
Connects to server-54-192-55-207.jfk6.r.cloudfront.net  (54.192.55.207:80)

TCP (HTTP):
Connects to server-54-192-55-12.jfk6.r.cloudfront.net  (54.192.55.12:80)

TCP (HTTP):
Connects to server-52-85-63-225.lhr50.r.cloudfront.net  (52.85.63.225:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-arn2.fbcdn.net  (31.13.72.12:443)

TCP (HTTP):
Connects to server-54-192-98-68.arn1.r.cloudfront.net  (54.192.98.68:80)

TCP (HTTP):
Connects to server-54-192-98-190.arn1.r.cloudfront.net  (54.192.98.190:80)

TCP (HTTP):
Connects to server-54-192-98-155.arn1.r.cloudfront.net  (54.192.98.155:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-arn2.facebook.com  (31.13.72.36:443)

TCP (HTTP):
Connects to server-52-85-63-236.lhr50.r.cloudfront.net  (52.85.63.236:80)

Remove thebrowser.exe - Powered by Reason Core Security