1stbrowsersilent.exe

Installer

LiveSoftAction

The program utilizes the Appscion Download and Install manager, an adware distribution bundler from SIEN SA. The setup program includes ad-supported toolbars and utilities. The application 1stbrowsersilent.exe by LiveSoftAction has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer. It is also typically executed from the user's temporary directory.
Publisher:
S  (signed by LiveSoftAction)

Product:
Installer

Version:
4.40.5.53

MD5:
bb52357ffe2a0a4cff5be77fc1f51836

SHA-1:
98a862b598451f22f1fac0b8b8c310edc3206165

SHA-256:
d94bf6a9503b24caedfbd8d20a1b580735cac4fe7fa9534d6c86687447e535eb

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer that uses Appscion to bundle adware.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/24/2024 7:05:22 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Sien (M)

Engine version:
16.11.23.16

File size:
2.2 MB (2,283,600 bytes)

Product version:
4.40.5.53

Copyright:
Copyright (C) 2016

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\3a0abb00_stp\1stbrowsersilent.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/22/2015 1:00:00 AM

Valid to:
12/22/2016 12:59:59 AM

Subject:
CN=LiveSoftAction, O=LiveSoftAction, STREET="Str. DIONISIE LUPU 64-66,", STREET=Bucharest, L=Bucharest, S=ROMANIA, PostalCode=010458, C=RO

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
53F942B550131CA0421C84A7FCFE16A6

File PE Metadata
Compilation timestamp:
9/30/2016 3:14:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
49152:ZEAtsjs3/lJRUOcs6phgwR+WexRyIgoTfOw78r8QiN7CFtXu:ZEAwsPtUOc5hgwRrexRyIbfOw78rPK

Entry address:
0x144633

Entry point:
E8, 7D, 08, 00, 00, E9, 8E, FE, FF, FF, FF, 25, 34, FA, 58, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, E1, F5, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, D0, F5, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, C8, CF, 5E, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...
 
Code size:
1.6 MB (1,628,672 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-50-19-113-170.compute-1.amazonaws.com  (50.19.113.170:80)
