browser.exe

Browser

Web Discover

The executable browser.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. While running, it connects to the Internet address northampton.blackboard.com on port 443.
Publisher:
Web Discover  (signed and verified)

Product:
Browser

Version:
48.0.2564.10

MD5:
a7cf8603be95639907d8c28d63feb6e3

SHA-1:
f8724a4df2c622e3fe45d387a6b5a729b98e035f

SHA-256:
6153ac1d948c114903fc86dddbc0f462855636b5b05d85407dd8e13f377fc29d

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 8:08:00 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.8.31.22

File size:
962.2 KB (985,312 bytes)

Product version:
48.0.2564.10

Copyright:
Copyright 2016

Original file name:
browser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\webdiscover\2.222.2\browser.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
2/22/2016 5:00:00 PM

Valid to:
2/22/2017 4:59:59 PM

Subject:
CN=Web Discover, O=Web Discover, L=Wilmington, S=Delaware, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6A8AE55D88F918454899216E122FA657

File PE Metadata
Compilation timestamp:
8/30/2016 2:10:35 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:NIXqLpH+/grzwYJnf7P0slTld5gW8E6EOtIK9LCW0jZ+RI4Z:EkH+0TjZh4Z

Entry address:
0x4B71A

Entry point:
E8, EC, B2, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1...
 
[+]

Entropy:
5.4967

Code size:
410 KB (419,840 bytes)

Scheduled Task
Task name:
WebDiscover Launch Task

Trigger:
Logon (Runs on logon)

Description:
WebDiscover Launch Task


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to www.greyhoundchannel.com  (206.169.236.162:443)

TCP (HTTP):
Connects to server-52-84-76-93.atl52.r.cloudfront.net  (52.84.76.93:80)

TCP (HTTP SSL):
Connects to ec2-52-52-87-56.us-west-1.compute.amazonaws.com  (52.52.87.56:443)

TCP (HTTP):
Connects to ec2-23-23-170-207.compute-1.amazonaws.com  (23.23.170.207:80)

TCP (HTTP SSL):
Connects to ec2-54-215-161-165.us-west-1.compute.amazonaws.com  (54.215.161.165:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to intuit.com.102.122.2o7.net  (63.140.34.152:443)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.bf1.yahoo.com  (63.250.200.63:443)

TCP (HTTP SSL):
Connects to ec2-34-198-87-245.compute-1.amazonaws.com  (34.198.87.245:443)

TCP (HTTP SSL):
Connects to e2.ycpi.vip.mib.yahoo.com  (68.180.134.8:443)

TCP (HTTP SSL):
Connects to a104-92-9-52.deploy.static.akamaitechnologies.com  (104.92.9.52:443)

TCP (HTTP SSL):
Connects to tacoda-atwola-prod-mtc-a.evip.aol.com  (64.12.235.98:443)

TCP (HTTP SSL):
Connects to northampton.blackboard.com  (69.196.229.133:443)

TCP (HTTP SSL):
Connects to n7k01-inet-ny8-v300.us.criteo.net  (74.119.118.67:443)

TCP (HTTP SSL):
Connects to a23-219-117-96.deploy.static.akamaitechnologies.com  (23.219.117.96:443)

TCP (HTTP SSL):
Connects to spcms.pbp.vip.bf1.yahoo.com  (72.30.202.150:443)

TCP (HTTP SSL):
Connects to r2.ycpi.vip.ne1.yahoo.net  (98.138.81.73:443)

TCP (HTTP SSL):
Connects to r1.ycpi.vip.bf1.yahoo.net  (98.139.199.204:443)

TCP (HTTP SSL):
Connects to ec2-54-70-215-106.us-west-2.compute.amazonaws.com  (54.70.215.106:443)

TCP (HTTP SSL):
Connects to ec2-52-7-240-10.compute-1.amazonaws.com  (52.7.240.10:443)

Remove browser.exe - Powered by Reason Core Security