browser.exe

Yandex

YANDEX LLC

This file is installed with the program Yandex.
Publisher:
YANDEX LLC  (signed and verified)

Product:
Yandex

Version:
35.0.1916.15574

MD5:
2900094da37627f97c919314585468d2

SHA-1:
97f1c7030ad547dac0127f13de19239b86e693d5

SHA-256:
423f4ff39055559c0514a6a992ff2a0f3a4f5de568c97637f6475bf729c5775d

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/25/2024 2:48:03 PM UTC  (today)

Scan engine:
Dr.Web

Detection:
MULDROP.Trojan

Engine version:
9.0.1.0203

File size:
1.4 MB (1,454,384 bytes)

Product version:
35.0.1916.15574

Copyright:
Copyright © 2012-2013 YANDEX LLC. All Rights Reserved.

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\yandex\yandexbrowser\application\browser.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/15/2013 3:00:00 AM

Valid to:
1/16/2016 2:59:59 AM

Subject:
CN=YANDEX LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=YANDEX LLC, L=Moscow, S=Moscow, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3667E158B524C8FFBFE538172786F1E2

File PE Metadata
Compilation timestamp:
7/18/2014 1:41:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:FxFdxMZRWs0Z1sgqSBogpow19SkYKJpAd9:ln2bgbogSqYKo9

Entry address:
0x4A94F

Entry point:
E8, F0, B0, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 56, 8B, F1, 8B, 4D, 08, C6, 46, 0C, 00, 85, C9, 75, 66, 57, E8, 04, 7A, 00, 00, 8B, F8, 89, 7E, 08, 8B, 57, 6C, 89, 16, 8B, 4F, 68, 89, 4E, 04, 3B, 15, F4, 3A...

Code size:
411.5 KB (421,376 bytes)

The file browser.exe has been discovered within the following programs.

Yandex  by Yandex
The software is typically bundled with third party installers such as Open Candy. "Offer your users Yandex Elements for fast access to Yandex search, visual bookmarks, and much more. Note: Sets homepage, search default, and new tab to Yandex search."
www.yandex.ru
30% remove it

Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to track-eu.adform.net  (85.235.246.3:443)

TCP (HTTP):
Connects to schacharena.de  (78.46.68.208:80)

TCP (HTTP):
Connects to ref.weather-perf.akadns.net  (96.8.83.132:80)

TCP (HTTP):
Connects to na.gmtdmp.com  (208.71.122.14:80)

TCP (HTTP):
Connects to m-prd-pxl-adcom-mtc.evip.aol.com  (64.12.106.9:80)

TCP (HTTP):
Connects to m-nb.xplusone.com  (199.38.164.155:80)

TCP (HTTP):
Connects to ham02s11-in-f5.1e100.net  (173.194.113.133:80)

TCP (HTTP):
Connects to ham02s11-in-f2.1e100.net  (173.194.113.130:80)

TCP (HTTP SSL):
Connects to ham02s11-in-f15.1e100.net  (173.194.113.143:443)

TCP (HTTP):
Connects to fra07s31-in-f6.1e100.net  (173.194.112.134:80)

TCP (HTTP):
Connects to fra07s31-in-f13.1e100.net  (173.194.112.141:80)

TCP (HTTP):
Connects to ee-in-f95.1e100.net  (173.194.65.95:80)

TCP (HTTP SSL):
Connects to edge-star-shv-16-fra3.facebook.com  (31.13.93.97:443)

TCP (HTTP):
Connects to api.browser.yandex.ru  (93.158.134.82:80)

TCP (HTTP):
Connects to a23-209-160-143.deploy.static.akamaitechnologies.com  (23.209.160.143:80)

TCP (HTTP):
Connects to a23-209-153-63.deploy.static.akamaitechnologies.com  (23.209.153.63:80)

TCP (HTTP):
Connects to a2-16-62-82.deploy.akamaitechnologies.com  (2.16.62.82:80)

TCP (HTTP):
Connects to a2-16-62-67.deploy.akamaitechnologies.com  (2.16.62.67:80)

Scan browser.exe - Powered by Reason Core Security