obronablockads.exe

Obrona Block Ads

Download Sp. z.o.o.

The application obronablockads.exe by Download Sp. z.o.o. has been detected as a potentially unwanted program by 2 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 9880 and can intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program OBRONA BlockAds by Red Sky LLC.

Publisher:
RedSky Sp. z o.o.  (signed by Download Sp. z.o.o.)

Product:
Obrona Block Ads

Version:
1.1.33

MD5:
db47d80c7272e553a028357936fc3bf0

SHA-1:
10f9ff38fac51992783c7f2a64b590a926cbc51b

SHA-256:
1780440c1eb65e1afcd8f145e091cffeb2595bb65f9a14975f9e8267bcbd60c5

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:55:54 PM UTC

Scan engine | Detection | Engine version
Malwarebytes | PUP.Optional.ObronaAds | v2015.01.28.12
Reason Heuristics | PUP.DownloadSpzoo | 15.1.28.0

File size:
1.4 MB (1,510,680 bytes)

Product version:
1.0

Copyright:
RedSky Sp. z o.o.

Original file name:
ObronaBlockAds

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\obrona block ads\obronablockads.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/8/2014 6:00:00 PM

Valid to:
12/14/2015 6:00:00 AM

Subject:
CN=Download Sp. z.o.o., O=Download Sp. z.o.o., L=Warszawa, C=PL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08883940928AE596451853B69F51C554

File PE Metadata
Compilation timestamp:
12/10/2014 3:49:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:o4FZagCGd9AefXDxXda4v8SmHSSZ4XcQ2Jqq:RLagtXdNlvUlZ4X6qq

Entry address:
0x7B2AC

Entry point:
E8, A2, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 00, 3C, 55, 00, 89, 0D, FC, 3B, 55, 00, 89, 15, F8, 3B, 55, 00, 89, 1D, F4, 3B, 55, 00, 89, 35, F0, 3B, 55, 00, 89, 3D, EC, 3B, 55, 00, 66, 8C, 15, 18, 3C, 55, 00, 66, 8C, 0D, 0C, 3C, 55, 00, 66, 8C, 1D, E8, 3B, 55, 00, 66, 8C, 05, E4, 3B, 55, 00, 66, 8C, 25, E0, 3B, 55, 00, 66, 8C, 2D, DC, 3B, 55, 00, 9C, 8F, 05, 10, 3C, 55, 00, 8B, 45, 00, A3, 04, 3C, 55, 00, 8B, 45, 04, A3, 08, 3C, 55, 00, 8D, 45, 08, A3, 14, 3C, 55...
 

Entropy:
6.5642

Code size:
533.5 KB (546,304 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:9880/

Local host port:
9880

Default credentials:
No


The file obronablockads.exe has been discovered within the following program.

OBRONA BlockAds  by Red Sky LLC
blockads.obrona.org/contact.html
About 6% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.100.50.201.138.clients.your-server.de  (138.201.50.100:80)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

TCP (HTTP):
Connects to ec2-52-21-162-54.compute-1.amazonaws.com  (52.21.162.54:80)

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to a88-221-145-25.deploy.akamaitechnologies.com  (88.221.145.25:80)
