obronablockads.exe

Obrona Block Ads

Download Sp. z.o.o.

The application obronablockads.exe by Download Sp. z.o.o. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 9880 and can intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program OBRONA BlockAds by Red Sky LLC.

Publisher:
RedSky Sp. z o.o.  (signed by Download Sp. z.o.o.)

Product:
Obrona Block Ads

Version:
1.1.37

MD5:
bc15d0dfda2780411a8ae2d930d57c36

SHA-1:
15a19e01e182f52cd565e60d7d5de2eda770022c

SHA-256:
dfa7145520e470f7caead53a1987557c2ed256ef1cdf451bf94bd4d99ccd1bba

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/27/2024 1:32:42 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Download (M)

Engine version:
16.5.21.11

File size:
1.5 MB (1,531,672 bytes)

Product version:
1.0

Copyright:
RedSky Sp. z o.o.

Original file name:
ObronaBlockAds

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\obrona block ads\obronablockads.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/9/2014 12:00:00 AM

Valid to:
12/14/2015 12:00:00 PM

Subject:
CN=Download Sp. z.o.o., O=Download Sp. z.o.o., L=Warszawa, C=PL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08883940928AE596451853B69F51C554

File PE Metadata
Compilation timestamp:
5/14/2015 3:16:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:BFAc9TeLYVFllk5Xda4b8SmHSSZ4XcEgEkg5ua6sT:BPGmloNlbUlZ4X1ua6sT

Entry address:
0x7EAB9

Entry point:
E8, A5, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, 8C, 55, 00, 89, 0D, 74, 8C, 55, 00, 89, 15, 70, 8C, 55, 00, 89, 1D, 6C, 8C, 55, 00, 89, 35, 68, 8C, 55, 00, 89, 3D, 64, 8C, 55, 00, 66, 8C, 15, 90, 8C, 55, 00, 66, 8C, 0D, 84, 8C, 55, 00, 66, 8C, 1D, 60, 8C, 55, 00, 66, 8C, 05, 5C, 8C, 55, 00, 66, 8C, 25, 58, 8C, 55, 00, 66, 8C, 2D, 54, 8C, 55, 00, 9C, 8F, 05, 88, 8C, 55, 00, 8B, 45, 00, A3, 7C, 8C, 55, 00, 8B, 45, 04, A3, 80, 8C, 55, 00, 8D, 45, 08, A3, 8C, 8C, 55...
 

Entropy:
6.5626

Packer / compiler:
PEQuake V0.06

Code size:
549.5 KB (562,688 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:9880/

Local host port:
9880

Default credentials:
No


The file obronablockads.exe has been discovered within the following program.

OBRONA BlockAds  by Red Sky LLC
blockads.obrona.org/contact.html
About 6% of users remove it
 