» 1cdfd470-fa79-4b73-8d98-7e65420c86f8.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

1cdfd470-fa79-4b73-8d98-7e65420c86f8.exe

Browsers Apps

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. The application 1cdfd470-fa79-4b73-8d98-7e65420c86f8.exe, “Browsers Apps exe” by Sailor Project has been detected as adware by 20 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Browsers Apps by Naruto Source which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

app (signed by Sailor Project)

Product:

Browsers Apps

Description:

Browsers Apps exe

Version:

1000.1000.1000.1000

MD5:

c941c319cb1321ed26756a3ed1790c63

SHA-1:

24fec71fc320a382e64c49772cef6662b7b9ad36

SHA-256:

beedd8d6b855303bb574a01adfea7d35f6786d864516f644a283d8dfcd6708c9

Scanner detections:

20 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:

4/26/2024 7:57:08 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen2

7.11.172.132

avast!

Win32:Crossrider-M [PUP]

2014.9-140930

AVG

Generic

2015.0.3394

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.1482

Dr.Web

Trojan.Crossrider.17413

9.0.1.0214

ESET NOD32

Win32/Toolbar.CrossRider.AG potentially unwanted application

8.7.0.302.0

Fortinet FortiGate

W32/GoogUpdate.AG!tr

9/30/2014

F-Prot

W32/S-9ad4719b

v6.4.7.1.166

herdProtect (fuzzy)

variant of 38b94ef1-eec0-413d-ba0d-f62e0b48e405.exe (Adware)

2014.9.11.13

IKARUS anti.virus

not-a-virus:WebToolbar.CrossRider

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.183.13379

Kaspersky

Trojan.NSIS.GoogUpdate

14.0.0.3268

Malwarebytes

PUP.Optional.CinemaPlus.A

v2014.09.11.10

McAfee

Artemis!7F96A2123F40

5600.6991

Panda Antivirus

Trj/Genetic.gen

14.09.30.11

Reason Heuristics

PUP.SailorProject.e

14.8.2.20

Sophos

Generic PUA BO

4.98

Vba32 AntiVirus

Trojan.GoogUpdate

3.12.26.3

VIPRE Antivirus

Threat.4789396

31208

Zillya! Antivirus

Trojan.GoogUpdate.Win32.1990

2.0.0.1924

File size:

345.9 KB (354,152 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Browsers Apps.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\browsers apps\1cdfd470-fa79-4b73-8d98-7e65420c86f8.exe

Digital Signature

Signed by:

Sailor Project

Authority:

COMODO CA Limited

Valid from:

7/17/2014 7:00:00 PM

Valid to:

7/18/2015 6:59:59 PM

Subject:

CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

47C5F145C734CD3D086C0A102176F0A1

File PE Metadata

Compilation timestamp:

8/1/2014 5:02:06 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:Rn/CJyVyhkkH9tLqoVRWBJSLyCTCQQ+Gz6DpjWSMVKiU4xqQx3TB9WpTBfUn+zo4:RnKQqtdtVRYRWMZVK0AQnUpTBGPwGM

Entry address:

0x252D2

Entry point:

E8, 4E, AD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75... 
[+]

Entropy:

6.4087

Code size:

251.5 KB (257,536 bytes)

Scheduled Task

Task name:

1cdfd470-fa79-4b73-8d98-7e65420c86f8

Trigger:

Logon (Runs on logon)

Action:

1cdfd470-fa79-4b73-8d98-7e65420c86f8.exe \czexvovh='browsers apps' \ntkqslzu=61787 \tyutjad

The file 1cdfd470-fa79-4b73-8d98-7e65420c86f8.exe has been discovered within the following program.

Browsers Apps by Naruto Source

Browsers Apps (Freeven) is an advertising-supported web browser toolbar/extension that will make the following changes to the browser's settings: - Changes the default home page and new tabs and protect these search settings - Changes the default search engine in your Internet Browser, including the browser's built-in search box - Adds an addition of alternative error page functionality, such as “Page Not Found” and DNS errors - Tracks usage behavior.

crossrider.com/install/61787-browsers-app

82% remove it

Remove 1cdfd470-fa79-4b73-8d98-7e65420c86f8.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.