1a05c68d-4859-4197-9cba-dc093412c181-4.exe

Browsers App

Sailor Project

This potentially unwanted Internet browser extension is built on and distributed through the free Crossrider platform and delivers advertisements to the web browser in various formats, such as banners, text hyperlinks, inline text and transitional ads. The application 1a05c68d-4859-4197-9cba-dc093412c181-4.exe by Sailor Project has been detected as adware by 6 anti-malware scanners. While the file uses the Crossrider cross-browser extension framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
app  (signed by Sailor Project)

Product:
Browsers App

Description:
Browsers App exe

Version:
1000.1000.1000.1000

MD5:
902bfddd7a7be7af7b6c926d014d9f25

SHA-1:
9fe8e4ee5e493eeeef92147f2bdcd12c4dbf4c0e

SHA-256:
7e146e58e35be9d11057ef87973646a38540fb6d10eb27764b19ce9b69fc58b2

Scanner detections:
6 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
4/24/2024 5:11:42 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.163.240 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AK (variant) | 8.10153 |
| IKARUS anti.virus | not-a-virus:WebToolbar.CrossRider | t3scan.1.6.1.0 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.25.12 |
| Reason Heuristics | PUP.SailorProject.g | 14.7.27.12 |
| VIPRE Antivirus | Crossrider | 31590 |

File size:
848.9 KB (869,224 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Browsers App.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\browsers app\1a05c68d-4859-4197-9cba-dc093412c181-4.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/24/2014 11:03:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:dsQoVbajrJSFNrNI5c5TyXlrwjx0lpxEjcYuh7Y29NWAP1LXRRN3dwppTl6D:dKbie5OKClrwjx0lTXNFB2T2

Entry address:
0x8B50F

Entry point:
E8, 7D, E3, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41...
 

Entropy:
6.5377

Code size:
696.5 KB (713,216 bytes)
