Multi-License Discount Quote

Change Region

English
Threat Database Adware Content Explorer

Content Explorer

By GoldSparrow in Adware

Threat Scorecard

Popularity Rank: 3,504
Threat Level: 10 % (Normal)
Infected Computers: 10,812
First Seen: April 11, 2014
Last Seen: February 12, 2026
OS(es) Affected: Windows

Content Explorer is an adware threat that may hijack online searches of the PC user by modifying search results with sponsored links and repeatedly rerouting the computer user to suspicious websites with mainly adware related content. Content Explorer may insert a plug-in, browser extension or add-on for Mozilla Firefox, Google Chrome, and Internet Explorer Web browsers when the computer user installs other freeware. When PC users install these free programs, he may also install Content Explorer as an optional program on the computer systems. Once installed, Content Explorer may hijack the online search box on many well-known social networking or online shopping websites and replace it with its own. PC users should always pay attention when installing free tools from unsafe download websites because often, software installer may carry an optional install, such as Content Explorer. PC users should be careful what free programs they agree to install. Content Explorer may show unwanted pop-up advertisements and continuously divert computer users to suspicious websites.

URLs

Content Explorer may call the following URLs:

packagetrackingtab.com

Analysis Report

General information

Family Name: Adware.ContentExplorer
Signature status: Self Signed

Known Samples

MD5: 05eb2b715294349fad690daec8642cc6
SHA1: 71d5a77e8c3049d2b9bb35d7acc30dfd1c74ee78
SHA256: 665BCF0869DE95BB3788E4422B186C54BB8A5763A2985AD3C16FAE4231C6EDD7
File Size: 147.13 KB, 147128 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File is .NET application
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Assembly Version 2.0.0.0
File Description CE Installer
File Version 2.0
Internal Name CEInstaller.exe
Legal Copyright Copyright © 2013
Original Filename CEInstaller.exe
Product Name CE Installer
Product Version 2.0

Digital Signatures

Signer Root Status
Application Genius, LLC Go Daddy Secure Certificate Authority - G2 Self Signed

Block Information

Total Blocks: 460
Potentially Malicious Blocks: 47
Whitelisted Blocks: 363
Unknown Blocks: 50

Visual Map

0 0 ? 0 0 x ? 0 0 0 0 0 0 0 0 0 0 ? 0 ? ? 0 ? 0 x x x ? ? x 0 0 0 0 0 0 x x 0 ? 0 ? 0 ? 0 ? x x x 0 x x x ? 0 x x x ? ? x 0 0 0 0 0 0 0 0 0 0 0 0 0 ? ? 0 x ? x ? ? ? ? ? ? ? x ? ? ? ? ? ? ? ? ? x ? 0 x x x x 0 0 0 0 0 x ? ? 0 ? ? 0 0 x x x 0 0 ? 0 ? x ? ? 0 x x x x 0 0 0 x x 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 ? 0 0 0 x ? x x ? x x ? ? x x 0 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 ? 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\223de96ee265046957a660ed7c9dd9e7_eff9b9ba98deaa773f261fa85a0b1771 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\content\b065fb6e1704b95faa47ee92dc32c8eb_c0c2258be340a204e977d10cc8c90243 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\223de96ee265046957a660ed7c9dd9e7_eff9b9ba98deaa773f261fa85a0b1771 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\locallow\microsoft\cryptneturlcache\metadata\b065fb6e1704b95faa47ee92dc32c8eb_c0c2258be340a204e977d10cc8c90243 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\assembly Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\systemcertificates\authroot\certificates\47beabc922eae80e78783462a79f45c254fde68b::blob  怵寤轫匶╰헑ʼ旙ဪ孤.ꖶ鄡㗳 T到ࠆثԁ܅ȃࠆثԁ܅̃ਆثЁ舁਷Ѓࠆثԁ܅Ѓࠆثԁ܅؃ࠆثԁ܅܃ࠆثԁ܅ăࠆثԁ܅ࠃ RGo Daddy Root Certificate Authority – G2S%⌰ℰଆ虠ň RegNtPreCreateKey

Windows API Usage

Category API
User Data Access
  • GetUserObjectInformation
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Other Suspicious
  • AdjustTokenPrivileges

Trending

Most Viewed

Loading...