ContentExplorer.exe

Lake Ventures LLC

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application ContentExplorer.exe by Lake Ventures has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘ContentExplorer’.
Publisher:
ContentExplorer  (signed by Lake Ventures LLC)

Product:
ContentExplorer

Version:
8.0

MD5:
653406824ca10fb7c35c331abf61dda3

SHA-1:
95001fe133bcb57b50375b3d7dd4d0c1a6efc5c6

SHA-256:
87fb5765785b42441e59fafa37fc794edde13b2b29ebe86647048b490a66fbcb

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/22/2024 8:06:01 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Adknowledge (M)
17.3.12.5

File size:
2.3 MB (2,429,680 bytes)

Product version:
8.0

Copyright:
Copyright © ContentExplorer 2014

Original file name:
ContentExplorer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2013 8:22:44 PM

Valid to:
12/17/2014 8:22:44 PM

Subject:
CN=Lake Ventures LLC, O=Lake Ventures LLC, L=Aliso Viejo, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B14BBCA37F140

File PE Metadata
Compilation timestamp:
12/4/2014 9:45:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x250086

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.3 MB (2,417,152 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ContentExplorer

Command:
"C:\users\{user}\appdata\roaming\contentexplorer\contentexplorer.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-85-204-114.compute-1.amazonaws.com  (54.85.204.114:80)

TCP (HTTP):
Connects to ec2-52-6-217-161.compute-1.amazonaws.com  (52.6.217.161:80)

TCP (HTTP):
Connects to ec2-52-44-231-59.compute-1.amazonaws.com  (52.44.231.59:80)

TCP (HTTP):
Connects to ec2-52-22-153-193.compute-1.amazonaws.com  (52.22.153.193:80)

Remove ContentExplorer.exe - Powered by Reason Core Security