ContentExplorer.exe

Lake Ventures LLC

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application ContentExplorer.exe by Lake Ventures has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. This executable runs as a local area network (LAN) Internet proxy server listening on port 50701 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
ContentExplorer  (signed by Lake Ventures LLC)

Product:
ContentExplorer

Version:
8.0

MD5:
4818e72824fa7384a8411715ae7c750a

SHA-1:
64896fbf007d96aaf63aeb05f0c352f2afaa27fb

SHA-256:
91517df6646bf610bc9b563f5a749228c97026837a024d9274c8bc6e888c305f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/28/2024 3:39:40 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Adknowledge (M)

Engine version:
17.1.25.22

File size:
2.3 MB (2,429,680 bytes)

Product version:
8.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2013 8:22:44 PM

Valid to:
12/17/2014 8:22:44 PM

Subject:
CN=Lake Ventures LLC, O=Lake Ventures LLC, L=Aliso Viejo, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B14BBCA37F140

File PE Metadata
Compilation timestamp:
12/9/2014 2:45:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x250082

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.3 MB (2,417,152 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:50701/

Local host port:
50701

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to whatsapp-cdn-shv-01-gru2.fbcdn.net  (31.13.85.51:443)

TCP (HTTP SSL):
Connects to whatsapp-cdn-shv-01-atl3.fbcdn.net  (31.13.65.49:443)

TCP (HTTP SSL):
Connects to server-52-85-167-122.gig50.r.cloudfront.net  (52.85.167.122:443)

TCP (HTTP SSL):
Connects to gru09s18-in-f14.1e100.net  (216.58.202.46:443)

TCP (HTTP SSL):
Connects to gru06s31-in-f206.1e100.net  (216.58.202.206:443)

TCP (HTTP SSL):
Connects to gru06s30-in-f14.1e100.net  (216.58.202.174:443)

TCP (HTTP SSL):
Connects to gru06s30-in-f13.1e100.net  (216.58.202.173:443)

TCP (HTTP SSL):
Connects to gru06s29-in-f131.1e100.net  (216.58.202.131:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-gru2.facebook.com  (31.13.85.8:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mia1.facebook.com  (31.13.73.36:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP:
Connects to cb-in-f188.1e100.net  (64.233.186.188:5228)

TCP (HTTP SSL):
Connects to ae.e0.559e.ip4.static.sl-reverse.com  (158.85.224.174:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to 14.d2.36a9.ip4.static.sl-reverse.com  (169.54.210.20:443)

Remove ContentExplorer.exe - Powered by Reason Core Security