» browserserver.exe
Overview
Analysis
File Details
Network (1)

browserserver.exe

Zhixiong Zhao

The executable browserserver.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address e.a0.a86c.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.

File name:

browserserver.exe

Publisher:

Zhixiong Zhao (signed and verified)

Version:

45.5.2454.18

MD5:

a105f76336120c14c64ba226c6d35b72

SHA-1:

6d98f232c7c3f054092ddf2fe142d3093ccebecc

SHA-256:

0a8006fd7cd1bda6ddd38ce97389818a1c10909eb3915f3940be96cd8218bb28

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

1/13/2025 5:21:08 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Trojan.Ghokswa (M)

16.10.17.9

File size:

366.2 KB (375,008 bytes)

Product version:

45.5.2454.18

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ghokswa browser\ghokswa\bin\browserserver.exe

Digital Signature

Signed by:

Zhixiong Zhao

Authority:

thawte, Inc.

Valid from:

6/2/2015 8:00:00 AM

Valid to:

6/2/2016 7:59:59 AM

Subject:

CN=Zhixiong Zhao, OU=Individual Developer, O=No Organization Affiliation, L=Guangzhou, S=Guandong, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

57409EBFEBEAF8B7ABAF024ABACC1A0D

File PE Metadata

Compilation timestamp:

9/10/2015 9:56:36 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

6144:freXctkahoGG2YPYk4QeYIwj4yB4LScuKcyf3rfxhuaILm6YP:freX8FmL4yBTUfbfLu9KFP

Entry address:

0x25962

Entry point:

E8, 17, 43, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 30, 63, 45, 00, 75, 02, F3, C3, E9, 03, 13, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 2C, 85, 45, 00, FF, 15, 20, 52, 44, 00, 85, C0, 75, 18, 56, E8, 79, 4A, 00, 00, 8B, F0, FF, 15, 64, 52, 44, 00, 50, E8, 7E, 4A, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 77, 6F, 53, 57, A1, 2C, 85, 45, 00, 85, C0, 75, 1D, E8, 48, 40, 00, 00, 6A, 1E, E8, 9E, 40, 00, 00, 68, FF, 00, 00, 00, E8, 82, 37, 00, 00, A1, 2C... 
[+]

Entropy:

6.4953

Code size:

270 KB (276,480 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to e.a0.a86c.ip4.static.sl-reverse.com (108.168.160.14:80)

Remove browserserver.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.