ContentExplorer.exe

Lake Ventures LLC

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application ContentExplorer.exe by Lake Ventures has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer. This executable runs as a local area network (LAN) Internet proxy server listening on port 63390 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
ContentExplorer  (signed by Lake Ventures LLC)

Product:
ContentExplorer

Version:
8.0

MD5:
783a1e2d11c65e877abaee7c40c34e25

SHA-1:
7e7d20b8bae28df5356df8c70d7ae7b0dc81763d

SHA-256:
42840ed5805ca6b5f958349df5dd95d279ea18849bfe1b1e975b7f4cdc23aa38

Scanner detections:
8 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs that may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/27/2024 2:54:19 AM UTC

Scan engine              Detection                       Engine version
Avira AntiVirus          TR/Dropper.MSIL.Gen             7.11.141.68
Baidu Antivirus          Adware.MSIL.iBryte              4.0.3.141029
Dr.Web                   Adware.iBryte.491               9.0.1.05190
ESET NOD32               MSIL/Adware.iBryte (variant)    8.10547
McAfee                   Artemis!3C5098BEA3C0            5600.6962
Reason Heuristics        PUP.LakeVentures.P              14.10.29.22
Sophos                   Generic PUA CJ                  4.98
Trend Micro House Call   Suspicious_GEN.F47V0819         7.2.302

File size:
2.3 MB (2,429,680 bytes)

Product version:
8.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2013 7:22:44 PM

Valid to:
12/17/2014 7:22:44 PM

Subject:
CN=Lake Ventures LLC, O=Lake Ventures LLC, L=Aliso Viejo, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B14BBCA37F140

File PE Metadata
Compilation timestamp:
10/29/2014 10:00:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:/xiz2p2tCYyN4L8Tdwruc/f1CsmGEUDkfZk7CJhUhxqpLa0:bOFymYTuruwf1CZGEkC7Uyp+0

Entry address:
0x250082

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.3 MB (2,417,152 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:63390/

Local host port:
63390

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.


Remove ContentExplorer.exe - Powered by Reason Core Security