BrowserBanner.exe

BrowserBanner

Softforce LLC

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application BrowserBanner.exe by Softforce has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Softpulse SoftwareBundler installer. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in.
Publisher:
Softforce LLC  (signed and verified)

Product:
BrowserBanner

Version:
1.1.1.17

MD5:
2ddc5599323f0be687168e190b2dc509

SHA-1:
e61c729b6afb39d0816909d8fbd20c81704726ed

SHA-256:
459a9292d40a669f37ecc68629726bbab2ff3f099367729a9fc53875947aa509

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/5/2024 2:47:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Softpulse.Softforc.Bundler (M)

Engine version:
16.4.28.21

File size:
478.1 KB (489,624 bytes)

Product version:
1.1.1.17

Original file name:
BrowserBanner.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Language Neutral

Common path:
C:\Program Files\mixvideoplayer\browserbanner.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/21/2015 10:00:00 PM

Valid to:
12/21/2016 9:59:59 PM

Subject:
CN=Softforce LLC, O=Softforce LLC, STREET="501 Silverside Road, Suite 105", L=Wilmington, S=Delaware, PostalCode=19809, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E2F9C8BD1BE23F60ED05C2B97B8A7A10

File PE Metadata
Compilation timestamp:
4/19/2016 5:02:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:OAHHHHHHHHHHHHFHHHHHHHHHHHHHHHHCHHHHHHHHHHHHFHHHHHHHHHHHHHHHHnBx:shTblmR/4OCf

Entry address:
0x1CD2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
107.5 KB (110,080 bytes)

Scheduled Task
Task name:
MixVideoPlayer browser banner

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.


Remove BrowserBanner.exe - Powered by Reason Core Security