3.exe

Space Battleship Creative

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application 3.exe by Space Battleship Creative has been detected as adware by 16 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory and is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Space Battleship Creative  (signed and verified)

MD5:
0280fc7522156bf80716d4e32f043325

SHA-1:
564b21c2d13f81b2283400150ec12a6c168a0472

SHA-256:
cebf0f8f947c365391a172c7429395d3d63dafffe6c34822c27f692b4655d161

Scanner detections:
16 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/26/2024 2:32:06 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | Adware/CrossRider.gn | 7.11.193.202 |
| avast! | Win32:Malware-gen | 2014.9-141221 |
| AVG | Generic | 2015.0.3254 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141221 |
| Clam AntiVirus | Win.Adware.Adwapper-7 | 0.98/21511 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AW (variant) | 8.10850 |
| G Data | Win32.Adware.Crossrider | 14.12.24 |
| K7 AntiVirus | Unwanted-Program | 13.186.14280 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.2763 |
| McAfee | Artemis!0280FC752215 | 5600.6910 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.21.09 |
| Reason Heuristics | PUP.SpaceBattleshipCreative.B | 14.12.21.9 |
| Sophos | Generic PUA FG | 4.98 |
| Vba32 AntiVirus | AdWare.Adwapper | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35574 |
| Zillya! Antivirus | Trojan.GoogUpdate.Win32.4470 | 2.0.0.2001 |

File size:
102.4 KB (104,880 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\3.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/19/2014 8:00:00 PM

Valid to:
10/20/2015 7:59:59 PM

Subject:
CN=Space Battleship Creative, O=Space Battleship Creative, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F7CD27D419D6D6EBEEE61F75941D1DA4

File PE Metadata
Compilation timestamp:
11/9/2014 3:35:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:MNaKO54AMM76yZtPcHl4Thw08mvj/cVztX5sWjcdo3fy2yUM:MVI4u7PUQ7eztXGoPy/5

Entry address:
0x5542

Entry point:
E8, 3B, 66, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 58, 6F, 41, 00, E8, 28, 0A, 00, 00, E8, D4, 32, 00, 00, 0F, B7, F0, 6A, 02, E8, CE, 65, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, AF, 5F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.4102

Code size:
67.5 KB (69,120 bytes)
