ContentExplorer.exe

Application Genius, LLC

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application ContentExplorer.exe by Application Genius has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ContentExplorer’. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
ContentExplorer  (signed by Application Genius, LLC)

Product:
ContentExplorer

Version:
8.0

MD5:
e4df1cf0fb799cd0e3766452993b6f36

SHA-1:
6298f5e057ac84da95086c3d585d1f066c4e57ee

SHA-256:
e7ef339b54b63231dea50e8f8141e0b85549d7fa658512c23a3bfcd0ba780913

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
12/28/2024 11:05:42 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Adware.Gen7
7.11.204.248

avast!
Win32:IBryte-JC [PUP]
150129-1

AVG
Generic
2016.0.3213

Baidu Antivirus
Adware.Win32.iBryte
4.0.3.15130

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
ApplicUnwnt
20835

Dr.Web
Trojan.iBryte.284
9.0.1.030

ESET NOD32
MSIL/Adware.iBryte.P application
7.0.302.0

Fortinet FortiGate
Adware/IBryte
1/30/2015

F-Secure
Adware.BrowseFox.BB
11.2015-14-02_7

McAfee
Artemis!B211B824C314
5600.6869

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Startup.Adknowledge
15.2.14.11

Sophos
Generic PUA NO
4.98

Trend Micro House Call
Suspicious_GEN.F47V0104
7.2.30

VIPRE Antivirus
iBryte
36956

File size:
2.3 MB (2,392,760 bytes)

Product version:
8.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/30/2014 5:32:38 PM

Valid to:
12/29/2016 2:07:38 PM

Subject:
CN="Application Genius, LLC", O="Application Genius, LLC", L=Walnut, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
629B575CD8F3186B

File PE Metadata
Compilation timestamp:
1/27/2015 8:00:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:S1GFWLDKUZSm+r5MvwyxQ0xsgIMpjwxEsAfp:4GYvOZNWwfospEs2p

Entry address:
0x247172

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8373

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.3 MB (2,380,288 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ContentExplorer

Command:
"C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to lga15s47-in-f17.1e100.net  (173.194.123.49:80)

TCP (HTTP):
Connects to ig-in-f106.1e100.net  (74.125.193.106:80)

Remove ContentExplorer.exe - Powered by Reason Core Security