browser.exe

Browser

Web Discover

The application browser.exe by Web Discover has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. While running, it connects to the Internet address ns2.daum.net on port 80 using the HTTP protocol.
Publisher:
Web Discover  (signed and verified)

Product:
Browser

Version:
48.0.2564.10

MD5:
8c219b4ea117e17ffa15bb1fd5143b7a

SHA-1:
036cc263b33dc08ac105b8694883203b4c4d8f11

SHA-256:
be23450d0cba7bbb646469ef42779a549979445716776040e1fc1b84257b79da

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 7:14:33 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WebDisco (M)
16.6.29.14

File size:
962.2 KB (985,312 bytes)

Product version:
48.0.2564.10

Copyright:
Copyright 2016

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\webdiscoverbrowser\2.173.2\browser.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/22/2016 7:00:00 PM

Valid to:
2/22/2017 6:59:59 PM

Subject:
CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6A8AE55D88F918454899216E122FA657

File PE Metadata
Compilation timestamp:
6/28/2016 5:01:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:1rniuLOyClDowWzTzznFrYwLoPXEam+cXGBQqz7ZvpnLww:FPLORJ7ZVww

Entry address:
0x4B71A

Entry point:
E8, EC, B2, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1...
 
[+]

Entropy:
5.4970

Code size:
410 KB (419,840 bytes)

Scheduled Task
Task name:
WebDiscover Browser Launch Task

Trigger:
Logon (Runs on logon)

Description:
WebDiscover Browser Launch Task


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to appleglobal.102.112.2o7.net  (66.235.135.144:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-lhr3.fbcdn.net  (31.13.90.6:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-lht6.fbcdn.net  (157.240.1.23:443)

TCP (HTTP SSL):
Connects to wb-in-f188.1e100.net  (66.102.1.188:443)

TCP (HTTP SSL):
Connects to s0279be0.204.m4.ams.nl.iptp.net  (176.56.184.130:443)

TCP (HTTP SSL):
Connects to s0194be0.105.m4.ams.nl.iptp.net  (176.56.182.45:443)

TCP (HTTP SSL):
Connects to mc.yandex.ru  (213.180.193.119:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-lht6.facebook.com  (157.240.1.18:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-lhr3.facebook.com  (31.13.90.36:443)

TCP (HTTP SSL):
Connects to a23-38-54-122.deploy.static.akamaitechnologies.com  (23.38.54.122:443)

TCP (HTTP SSL):
Connects to a104-121-24-190.deploy.static.akamaitechnologies.com  (104.121.24.190:443)

TCP (HTTP):
Connects to li548-71.members.linode.com  (176.58.125.71:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-lht6.facebook.com  (157.240.1.35:443)

TCP (HTTP SSL):
Connects to ec2-34-206-92-254.compute-1.amazonaws.com  (34.206.92.254:443)

TCP (HTTP SSL):
Connects to a104-121-5-46.deploy.static.akamaitechnologies.com  (104.121.5.46:443)

TCP (HTTP):
Connects to 47.9.155.104.bc.googleusercontent.com  (104.155.9.47:80)

TCP (HTTP):
Connects to 19.1.155.104.bc.googleusercontent.com  (104.155.1.19:80)

TCP (HTTP):
Connects to 188.13.155.104.bc.googleusercontent.com  (104.155.13.188:80)

TCP (HTTP SSL):
Connects to server-54-230-196-229.lhr50.r.cloudfront.net  (54.230.196.229:443)

TCP (HTTP):
Connects to server-52-85-63-210.lhr50.r.cloudfront.net  (52.85.63.210:80)

Remove browser.exe - Powered by Reason Core Security