home

browser.exe

Browser

Web Discover

The application browser.exe by Web Discover has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in.
Publisher:
Web Discover  (signed and verified)

Product:
Browser

Version:
48.0.2564.10

MD5:
6df2420d6a6a2dc3fa9290d28dc7b233

SHA-1:
f294887e8327187b98715a8f91a7561ffb888ae2

SHA-256:
e63ec079eed75c334ea66e90f11db681fdcb703624cc28a9543fe98f2fa3aad3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:57:55 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WebDisco (M)
16.7.7.19

File size:
962.2 KB (985,312 bytes)

Product version:
48.0.2564.10

Copyright:
Copyright 2016

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\webdiscoverbrowser\2.177.2\browser.exe

Digital Signature
Signed by:
Web Discover

Authority:
Symantec Corporation

Valid from:
2/23/2016 1:00:00 AM

Valid to:
2/23/2017 12:59:59 AM

Subject:
CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6A8AE55D88F918454899216E122FA657

File PE Metadata
Compilation timestamp:
7/6/2016 8:25:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:LrniuLOyClDowWzTzznFrYwLoPXEam+cXGBQqzGZ6pnLwX:HPLORJGZawX

Entry address:
0x4B71A

Entry point:
E8, EC, B2, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1...
 
[+]

Code size:
410 KB (419,840 bytes)

Scheduled Task
Task name:
WebDiscover Browser Launch Task

Trigger:
Logon (Runs on logon)

Description:
WebDiscover Browser Launch Task


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-52-52-87-56.us-west-1.compute.amazonaws.com  (52.52.87.56:443)

TCP (HTTP):
Connects to a95-101-82-59.deploy.akamaitechnologies.com  (95.101.82.59:80)

TCP (HTTP SSL):
Connects to ec2-54-215-161-165.us-west-1.compute.amazonaws.com  (54.215.161.165:443)

TCP (HTTP SSL):
Connects to bam-8.nr-data.net  (162.247.242.20:443)

TCP (HTTP SSL):
Connects to a2-16-214-13.deploy.akamaitechnologies.com  (2.16.214.13:443)

TCP (HTTP):
Connects to a2-16-184-247.deploy.akamaitechnologies.com  (2.16.184.247:80)

TCP (HTTP SSL):
Connects to a104-125-30-205.deploy.static.akamaitechnologies.com  (104.125.30.205:443)

TCP (HTTP SSL):
Connects to static-212-6-83-094.ewe-ip-backbone.de  (212.6.83.94:443)

TCP (HTTP SSL):
Connects to static-212-6-83-059.ewe-ip-backbone.de  (212.6.83.59:443)

TCP (HTTP SSL):
Connects to static-212-6-83-015.ewe-ip-backbone.de  (212.6.83.15:443)

TCP (HTTP SSL):
Connects to static-212-6-83-121.ewe-ip-backbone.de  (212.6.83.121:443)

TCP (HTTP SSL):
Connects to static-212-6-83-113.ewe-ip-backbone.de  (212.6.83.113:443)

TCP (HTTP SSL):
Connects to static-212-6-83-038.ewe-ip-backbone.de  (212.6.83.38:443)

TCP (HTTP SSL):
Connects to static-212-6-83-034.ewe-ip-backbone.de  (212.6.83.34:443)

TCP (HTTP SSL):
Connects to static-212-6-83-027.ewe-ip-backbone.de  (212.6.83.27:443)

TCP (HTTP SSL):
Connects to static-212-6-82-109.ewe-ip-backbone.de  (212.6.82.109:443)

TCP (HTTP SSL):
Connects to static-212-6-82-093.ewe-ip-backbone.de  (212.6.82.93:443)

TCP (HTTP SSL):
Connects to static-212-006-086-241.ewe-ip-backbone.de  (212.6.86.241:443)

TCP (HTTP SSL):
Connects to server-52-85-184-129.fra2.r.cloudfront.net  (52.85.184.129:443)

TCP (HTTP SSL):
Connects to geohard.xyz  (82.146.50.20:443)

Remove browser.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.