» BrowserWeb.exe
Overview
Analysis
File Details
Programs (1)
Network (13)

BrowserWeb.exe

BrowserWeb

Softforce LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application BrowserWeb.exe by Softforce has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This file is typically installed with the program MixVideoPlayer by SoftForce LLC. While running, it connects to the Internet address server-52-84-63-131.ord51.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

BrowserWeb.exe

Publisher:

Softforce LLC (signed and verified)

Product:

BrowserWeb

Version:

1.0.0.17

MD5:

718a81626b1de6eaec4bd2ae10a83f13

SHA-1:

260281c36e8e99eafaee6f6ac79f5e6429023e5e

SHA-256:

fd880558ada8851cfecdfe983058dcb4aea97202e025693dc55769e5f8042b59

Scanner detections:

17 / 68

Status:

Adware

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/23/2024 12:59:36 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Bawswerps.1

569

Avira AntiVirus

ADWARE/Bawswerps.116736.1

8.3.1.6

Arcabit

Trojan.Adware.Bawswerps.1

1.0.0.425

avast!

MSIL:Adware-N [Adw]

2014.9-150715

AVG

Generic

2016.0.3047

Baidu Antivirus

PUA.Win32.SoftPulse

4.0.3.15715

Bitdefender

Gen:Variant.Adware.Bawswerps.1

1.0.20.980

Dr.Web

Trojan.Domaiq.325

9.0.1.0196

Emsisoft Anti-Malware

Gen:Variant.Adware.Bawswerps

8.15.07.15.06

ESET NOD32

MSIL/NewPlayer.D potentially unwanted (variant)

9.11941

F-Secure

Gen:Variant.Adware.Bawswerps

11.2015-15-07_4

G Data

Gen:Variant.Adware.Bawswerps

15.7.25

K7 AntiVirus

Adware

13.206.16564

Microsoft Security Essentials

Adware:MSIL/Bawswerps

1.1.11804.0

MicroWorld eScan

Gen:Variant.Adware.Bawswerps.1

16.0.0.588

Panda Antivirus

PUP/Multitoolbar

15.07.15.06

Reason Heuristics

PUP.Softpulse.Softforce.Bundler (M)

15.7.15.18

File size:

119.7 KB (122,536 bytes)

Product version:

1.0.0.17

Original file name:

BrowserWeb.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Common path:

C:\Program Files\mixvideoplayer\browserweb.exe

Digital Signature

Signed by:

Softforce LLC

Authority:

thawte, Inc.

Valid from:

12/18/2014 3:00:00 AM

Valid to:

12/19/2015 2:59:59 AM

Subject:

CN=Softforce LLC, O=Softforce LLC, L=Wilmington, S=Delaware, C=US

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

39EFBC248CD996B345705A5A0ED70147

File PE Metadata

Compilation timestamp:

7/14/2015 1:11:28 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

3072:XoEQlHHHHHHHHHHHHFHHHHHHHHHHHHHHHHEGoEQlHHHHHHHHHHHHFHHHHHHHHHHN:sHHHHHHHHHHHHFHHHHHHHHHHHHHHHHg3

Entry address:

0x1CD6E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.0629

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

107.5 KB (110,080 bytes)

The file BrowserWeb.exe has been discovered within the following programs.

MixVideoPlayer by SoftForce LLC

About 2% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-52-85-133-170.iad53.r.cloudfront.net (52.85.133.170:80)

TCP (HTTP):

Connects to ec2-54-187-119-69.us-west-2.compute.amazonaws.com (54.187.119.69:80)

TCP (HTTP):

Connects to ec2-52-26-110-152.us-west-2.compute.amazonaws.com (52.26.110.152:80)

TCP (HTTP):

Connects to server-54-230-81-246.mia50.r.cloudfront.net (54.230.81.246:80)

TCP (HTTP):

Connects to server-54-230-5-21.dfw3.r.cloudfront.net (54.230.5.21:80)

TCP (HTTP):

Connects to server-54-230-163-143.jax1.r.cloudfront.net (54.230.163.143:80)

TCP (HTTP):

Connects to server-52-85-94-154.jfk5.r.cloudfront.net (52.85.94.154:80)

TCP (HTTP):

Connects to server-52-85-63-84.lhr50.r.cloudfront.net (52.85.63.84:80)

TCP (HTTP):

Connects to server-52-85-221-209.cdg50.r.cloudfront.net (52.85.221.209:80)

TCP (HTTP):

Connects to server-52-84-63-52.ord51.r.cloudfront.net (52.84.63.52:80)

TCP (HTTP):

Connects to server-52-84-63-131.ord51.r.cloudfront.net (52.84.63.131:80)

TCP (HTTP):

Connects to server-52-84-126-183.iad16.r.cloudfront.net (52.84.126.183:80)

TCP (HTTP):

Connects to 201-048-053-045.static.ctbc.com.br (201.48.53.45:80)

Remove BrowserWeb.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.