browser.exe

Browser

Web Discover

The executable browser.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
Web Discover  (signed and verified)

Product:
Browser

Version:
55.0.2859.0

MD5:
21ae2c6ed2531bedde43d76dad93ff46

SHA-1:
c3ab3084e0ce0bacfccd52dcd58bc2d7ee6b7931

SHA-256:
173698f567acc89e121bff9ad0cf9b0cf1531e7eee8dd9085426adb10c1c1e9f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/5/2024 7:05:38 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.2.21.6

File size:
3 MB (3,102,944 bytes)

Product version:
55.0.2859.0

Copyright:
Copyright 2016

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\webdiscoverbrowser\2.22.2\browser.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
1/9/2017 4:00:00 PM

Valid to:
2/23/2018 3:59:59 PM

Subject:
CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
409E4C9DD669272BE87359D12792FEE8

File PE Metadata
Compilation timestamp:
2/20/2017 4:43:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x21666A

Entry point:
E8, 97, 09, 00, 00, E9, 8E, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1...
 
[+]

Entropy:
6.5883

Code size:
2.3 MB (2,403,840 bytes)

Scheduled Task
Task name:
WebDiscover Browser Launch Task

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 94.31.29.64.IPYX-077437-ZYO.above.net  (94.31.29.64:80)

TCP (HTTP SSL):
Connects to ws-18-do-e-ny-3.wdnotifications.com  (45.55.41.62:443)

TCP (HTTP):
Connects to ec2-50-112-12-85.us-west-2.compute.amazonaws.com  (50.112.12.85:80)

TCP (HTTP SSL):
Connects to dc122.4shared.com  (208.88.227.157:443)

TCP (HTTP SSL):
Connects to c-b390-u0741-90.webazilla.com  (74.117.178.90:443)

TCP (HTTP):
Connects to 113-125-232-198.static.unitasglobal.net  (198.232.125.113:80)

TCP (HTTP SSL):
Connects to ec2-52-8-154-221.us-west-1.compute.amazonaws.com  (52.8.154.221:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-atl3.fbcdn.net  (31.13.65.7:443)

TCP (HTTP):
Connects to server-54-239-172-169.atl50.r.cloudfront.net  (54.239.172.169:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-atl3.facebook.com  (31.13.65.36:443)

TCP (HTTP SSL):
Connects to dc123.4shared.com  (208.88.227.158:443)

TCP (HTTP SSL):
Connects to c-t130-u2119-187.webazilla.com  (199.101.134.187:443)

TCP (HTTP SSL):
Connects to c-t130-u2081-180.webazilla.com  (199.101.134.180:443)

TCP (HTTP SSL):
Connects to c-t130-u1268-172.webazilla.com  (199.101.134.172:443)

TCP (HTTP SSL):
Connects to c-n160-uc0591-173.webazilla.com  (208.88.227.173:443)

TCP (HTTP SSL):
Connects to c-b390-u0734-83.webazilla.com  (74.117.178.83:443)

TCP (HTTP SSL):
Connects to c-a420-u0867-159.webazilla.com  (199.101.133.159:443)

TCP (HTTP SSL):
Connects to c-a420-u0864-156.webazilla.com  (199.101.133.156:443)

TCP (HTTP SSL):
Connects to bam-2.nr-data.net  (50.31.164.166:443)

TCP (HTTP):
Connects to server-54-230-206-84.atl50.r.cloudfront.net  (54.230.206.84:80)

Remove browser.exe - Powered by Reason Core Security