browser.exe

speed browser

Smart Applications

The application browser.exe has been detected as a potentially unwanted program by 3 anti-malware scanners.

Publisher:
Smart Applications

Product:
speed browser

Version:
40.0.2214.45

MD5:
6be1f78cfd5cc54b03091f86829a61e2

SHA-1:
b23f208eaa91287a988dbc4c07bd5aff8cf4dc0e

SHA-256:
93f2cfd97a9629d03674c002ceea3ce9f8ef1c9f06c4878fc6fb5744705a6a3f

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:15:48 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Reason Heuristics | PUP.SmartApplications.Meta (M) | 15.6.29.1 |
| Trend Micro House Call | TROJ_GEN.R047H05EN15 | 7.2.154 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40666 |

File size:
782.5 KB (801,280 bytes)

Product version:
40.0.2214.45

Copyright:
Copyright 2014 Smart Applications. All rights reserved.

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\speed browser\application\browser.exe

File PE Metadata

Compilation timestamp:
5/15/2015 8:42:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:Nx76mTAvsxvjN/o3UV16ijQKfF82Z7LUfCD+x3eVbplmU4M6SK9QpZHYxSZjjRWW:NxPAsVQiSx3eXlH6SvZjjRBDI

Entry address:
0x43808

Entry point:
E8, C8, CD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74...

Entropy:
6.3933

Code size:
382 KB (391,168 bytes)

Shell Open Command

Open type:
ftp

Command:
"C:\Program Files\speed browser\application\browser.exe" -- "%1"


The executing file has been seen to make the following network communications in live environments.

