browzar 1.2.0.1 black (kaldata.com).exe

Browzar

Browzar Limited

The application browzar 1.2.0.1 black (kaldata.com).exe, “Browzar Private Web Browser” by Browzar Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address smtp.quba.co.uk on port 80 using the HTTP protocol.
Publisher:
Browzar Ltd.  (signed by Browzar Limited)

Product:
Browzar

Description:
Browzar Private Web Browser

Version:
1, 2, 0, 1

MD5:
c01f17b5004daf14b0261b374590600e

SHA-1:
d0aed65c4b014f7fefd21b18b56bfef3c723d8ee

SHA-256:
b9e24ea50994c0658d5ad102ee1b0fdda224005856c3612c0facb207b39ba867

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/24/2024 7:08:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Browzar (M)
15.9.19.14

File size:
272.5 KB (279,000 bytes)

Product version:
1, 2, 0, 1

Copyright:
© Copyright 2006 Browzar Ltd.

Original file name:
Browzar.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
8/17/2006 3:00:00 AM

Valid to:
8/18/2007 2:59:59 AM

Subject:
CN=Browzar Limited, O=Browzar Limited, STREET=18 Wheathouse Road, L=Huddersfield, S=West Yorkshire, PostalCode=HD2 2UW, C=GB

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A814A924256BA46FE3C00EBDAE45FD13

File PE Metadata
Compilation timestamp:
10/30/2006 7:43:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:WRSt3kIhCh2xzbq+1/r4jGx41fEC4EtH/JEVJehWdYcYENQAHwVca7:WRSt0w7x1/r4jq4nHxrWmjqzwVc

Entry address:
0xCBB2

Entry point:
55, 8B, EC, 6A, FF, 68, 68, 03, 41, 00, 68, 3E, CD, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, DC, E7, 40, 00, 59, 83, 0D, C4, 39, 41, 00, FF, 83, 0D, C8, 39, 41, 00, FF, FF, 15, D8, E7, 40, 00, 8B, 0D, B8, 39, 41, 00, 89, 08, FF, 15, D4, E7, 40, 00, 8B, 0D, B4, 39, 41, 00, 89, 08, A1, D0, E7, 40, 00, 8B, 00, A3, C0, 39, 41, 00, E8, 1C, 01, 00, 00, 39, 1D, 80, 37, 41, 00, 75, 0C, 68, 3A, CD, 40, 00, FF, 15, CC, E7...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
52 KB (53,248 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to smtp.quba.co.uk  (134.213.173.254:80)

Remove browzar 1.2.0.1 black (kaldata.com).exe - Powered by Reason Core Security