browser.exe

Speed Browser

Long Mile Solutions, LLC

The application browser.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address 216.155.129.196.choopa.net on port 80 using the HTTP protocol.
Publisher:
Long Mile Solutions, LLC

Product:
Speed Browser

Version:
38.0.2125.19

MD5:
38689e2054e7982eb0545b6912187cdc

SHA-1:
36f530629bb8823a458313aafff2ac517d6cbb96

SHA-256:
142fdbcdc400a9ccd09e3b1a911078cab0b5e65372a742a7e398a2b507645f46

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 9:51:50 AM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
PUP.Optional.Browser.A
v2015.08.22.02

Reason Heuristics
PUP.Injekt.LongMileSolutions.Meta (M)
15.8.22.14

File size:
788.5 KB (807,424 bytes)

Product version:
38.0.2125.19

Copyright:
Copyright 2014 Long Mile Solutions, LLC. All rights reserved.

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\speed browser\application\browser.exe

File PE Metadata
Compilation timestamp:
11/5/2014 2:12:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:mPiQwVb8/d2LiJlP/A91kBYIUw96YdGX4vU6iWE6HunOHUGiJR5ZvYxQCnfjRWfa:mPmVbMlqIUiHunO0GMZMjRBDV

Entry address:
0x44E44

Entry point:
E8, 2B, D0, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, A1, 04, 5A, 49, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 04, 5A, 49, 00, 6A, 04, 50, E8, 00, 51, 00, 00, A3, 00, 5A, 49, 00, 59, 59, 85, C0...
 
[+]

Entropy:
6.4047

Code size:
388 KB (397,312 bytes)

Shell Open Command
Open type:
ftp

Command:
"C:\Program Files\speed browser\application\browser.exe" -- "%1"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to a23-4-246-252.deploy.static.akamaitechnologies.com  (23.4.246.252:443)

TCP (HTTP SSL):
Connects to a23-38-145-52.deploy.static.akamaitechnologies.com  (23.38.145.52:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP (HTTP):
Connects to ec2-54-72-47-163.eu-west-1.compute.amazonaws.com  (54.72.47.163:80)

TCP (HTTP SSL):
Connects to a72-246-216-33.deploy.akamaitechnologies.com  (72.246.216.33:443)

TCP (HTTP SSL):
Connects to 201-048-207-209.static.ctbctelecom.com.br  (201.48.207.209:443)

TCP (HTTP):
Connects to ec2-52-214-166-46.eu-west-1.compute.amazonaws.com  (52.214.166.46:80)

TCP (HTTP):
Connects to a201-016-134-136.deploy.akamaitechnologies.com  (201.16.134.136:80)

TCP (HTTP):
Connects to unallocated.barefruit.co.uk  (92.242.140.6:80)

TCP (HTTP SSL):
Connects to edge-star-shv-01-gru2.facebook.com  (31.13.85.8:443)

TCP (HTTP):
Connects to ec2-52-16-174-255.eu-west-1.compute.amazonaws.com  (52.16.174.255:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:443)

TCP (HTTP SSL):
Connects to spdc.pbp.vip.bf1.yahoo.com  (98.139.225.35:443)

TCP (HTTP SSL):
Connects to edge-z-m-mini-shv-01-gru2.facebook.com  (31.13.85.37:443)

TCP (HTTP SSL):
Connects to ec2-54-215-170-108.us-west-1.compute.amazonaws.com  (54.215.170.108:443)

TCP (HTTP SSL):
Connects to ec2-54-210-244-43.compute-1.amazonaws.com  (54.210.244.43:443)

TCP (HTTP SSL):
Connects to ec2-54-209-53-28.compute-1.amazonaws.com  (54.209.53.28:443)

TCP (HTTP SSL):
Connects to ec2-54-207-34-156.sa-east-1.compute.amazonaws.com  (54.207.34.156:443)

TCP (HTTP):
Connects to a96-6-123-48.deploy.akamaitechnologies.com  (96.6.123.48:80)

TCP (HTTP SSL):
Connects to a23-4-247-21.deploy.static.akamaitechnologies.com  (23.4.247.21:443)

Remove browser.exe - Powered by Reason Core Security