tmp0000003b51c69c74c1103c02

BrowserWeb

Softforce LLC

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file tmp0000003b51c69c74c1103c02 by Softforce has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Softpulse SoftwareBundler installer.
Publisher:
Softforce LLC  (signed and verified)

Product:
BrowserWeb

Version:
1.0.0.17

MD5:
a445f7b5efbac2062686e6b7a38f108b

SHA-1:
70f25dd43b30354ecb038981f591b7163b27668d

SHA-256:
241bfac4cbd3fc1551be8130a1307819c508ffbbf7e2dda07933f9d90d451254

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 1:13:34 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Reason Heuristics | PUP.Softpulse (M) | 16.9.22.12 |

File size:
512 KB (524,288 bytes)

Product version:
1.0.0.17

Copyright:
Copyright © 2015

Original file name:
BrowserWeb.exe

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Language Neutral

Common path:
C:\windows\temp\tmp0000003b51c69c74c1103c02

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/18/2014 7:00:00 AM

Valid to:
12/19/2015 6:59:59 AM

Subject:
CN=Softforce LLC, O=Softforce LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
39EFBC248CD996B345705A5A0ED70147

File PE Metadata
Compilation timestamp:
7/14/2015 5:11:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:sHHHHHHHHHHHHFHHHHHHHHHHHHHHHHgHHHHHHHHHHHHFHHHHHHHHHHHHHHHH3RhQ:DhNAMETDZEZ7RVGHm9WbVbVHjh

Entry address:
0x1CD6E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5252

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
107.5 KB (110,080 bytes)
