obronablockads.exe

Obrona Block Ads

Download Sp. z.o.o.

The application obronablockads.exe by Download Sp. z.o.o. has been detected as a potentially unwanted program by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 9880 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program OBRONA BlockAds by Red Sky LLC. While running, it connects to the Internet address static.100.50.201.138.clients.your-server.de on port 80 using the HTTP protocol.
Publisher:
RedSky Sp. z o.o.  (signed by Download Sp. z.o.o.)

Product:
Obrona Block Ads

Version:
1.1.37

MD5:
bc15d0dfda2780411a8ae2d930d57c36

SHA-1:
805955d97ff4c0c71eb15e092c883521cbd340c1

SHA-256:
dfa7145520e470f7caead53a1987557c2ed256ef1cdf451bf94bd4d99ccd1bba

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/29/2021 7:16:06 PM UTC

Scan engine | Detection | Engine version
Malwarebytes | PUP.Optional.ObronaAds | v2015.05.19.03
Reason Heuristics | PUP.DownloadSpzoo | 15.5.19.11

File size:
1.5 MB (1,531,672 bytes)

Product version:
1.0

Copyright:
RedSky Sp. z o.o.

Original file name:
ObronaBlockAds

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\obrona block ads\obronablockads.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/8/2014 5:00:00 PM

Valid to:
12/14/2015 5:00:00 AM

Subject:
CN=Download Sp. z.o.o., O=Download Sp. z.o.o., L=Warszawa, C=PL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08883940928AE596451853B69F51C554

File PE Metadata
Compilation timestamp:
5/14/2015 8:16:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:BFAc9TeLYVFllk5Xda4b8SmHSSZ4XcEgEkg5ua6sT:BPGmloNlbUlZ4X1ua6sT

Entry address:
0x7EAB9

Entry point:
E8, A5, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, 8C, 55, 00, 89, 0D, 74, 8C, 55, 00, 89, 15, 70, 8C, 55, 00, 89, 1D, 6C, 8C, 55, 00, 89, 35, 68, 8C, 55, 00, 89, 3D, 64, 8C, 55, 00, 66, 8C, 15, 90, 8C, 55, 00, 66, 8C, 0D, 84, 8C, 55, 00, 66, 8C, 1D, 60, 8C, 55, 00, 66, 8C, 05, 5C, 8C, 55, 00, 66, 8C, 25, 58, 8C, 55, 00, 66, 8C, 2D, 54, 8C, 55, 00, 9C, 8F, 05, 88, 8C, 55, 00, 8B, 45, 00, A3, 7C, 8C, 55, 00, 8B, 45, 04, A3, 80, 8C, 55, 00, 8D, 45, 08, A3, 8C, 8C, 55...
 

Entropy:
6.5626

Packer / compiler:
PEQuake V0.06

Code size:
549.5 KB (562,688 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:9880/

Local host port:
9880

Default credentials:
No


The file obronablockads.exe has been discovered within the following program.

OBRONA BlockAds  by Red Sky LLC
blockads.obrona.org/contact.html
About 6% of users remove it
 

The executing file has been seen to make the following network communications in live environments.
