amznsearchprotect.exe

Amazon Browser Settings

Browser Distribution Services Inc.

The application amznsearchprotect.exe by Browser Distribution Services has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. Additionally, the file is typically installed by a number of programs including Amazon Assistant by Amazon and Amazon Search by Amazon.
Publisher:
Distromatic  (signed by Browser Distribution Services Inc.)

Product:
Amazon Browser Settings

Version:
1.2.1.1414

MD5:
659e281bd04de1391f64519e7262e986

SHA-1:
4e4e6352c2b50334acecda51fa8858ef63fd2d47

SHA-256:
be2180ace74988b24f669e1f64a578ae513433709a3dda43f16b88f31a2baa6c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 1:43:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BrowserD (M)

Engine version:
16.3.31.21

File size:
3.3 MB (3,509,352 bytes)

Product version:
3.0.5.1338-fc43e392

Copyright:
Browser Distribution Services

Original file name:
distro-silent-installer.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\amazon browser settings\amznsearchprotect.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/18/2015 1:00:00 AM

Valid to:
12/18/2017 12:59:59 AM

Subject:
CN=Browser Distribution Services Inc., O=Browser Distribution Services Inc., L=Las Vegas, S=Nevada, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0E7157187A3C9C51E5535C5D49605D0C

File PE Metadata
Compilation timestamp:
3/14/2016 2:38:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
98304:VilSk9TZ8NdgdmoA/rLKOBgl+U2IZMMaIKYPDw:sgKTIX1HTBgl+U2IZMa7PU

Entry address:
0x4554A0

Entry point:
60, BE, 00, E0, 72, 00, 8D, BE, 00, 30, CD, FF, C7, 87, A0, DB, 44, 00, FF, 2F, 04, 70, 57, EB, 11, 90, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Code size:
1.2 MB (1,212,416 bytes)

Scheduled Task
Task name:
DistromaticSearchProtect-hourly

Trigger:
Daily (Runs daily at 23:36)

Description:
Keeps browser search settings up to date and makes sure they are not changed by malware.


The file amznsearchprotect.exe has been discovered within the following programs.

Amazon Assistant  by Amazon
www.amazon.com/gp/BIT/theamazonapp
About 8% of users remove it
Amazon Search  by Amazon
About 2% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-54-81-97-173.compute-1.amazonaws.com  (54.81.97.173:443)

TCP (HTTP SSL):
Connects to ec2-52-55-150-17.compute-1.amazonaws.com  (52.55.150.17:443)

TCP (HTTP SSL):
Connects to google-public-dns-a.google.com  (8.8.8.8:443)
