3cab731d-dbb5-4a5d-b3df-0e51ba9f975e-2.exe

SmartSaver+ 15

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider cross-browser extension platform and will deliver advertisements to the web browser in various formats such as banner, text hyperlinks, inline text and transitional ads. The application 3cab731d-dbb5-4a5d-b3df-0e51ba9f975e-2.exe, “SmartSaver+ 15 exe” by Sailor Project, has been detected as adware by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
smart-saverplus  (signed by Sailor Project)

Product:
SmartSaver+ 15

Description:
SmartSaver+ 15 exe

Version:
1000.1000.1000.1000

MD5:
577fae00d5ab8c5e6ed65c1fbdc4261b

SHA-1:
7b0602a9209e8ed6120289f274bd1aa494e7957f

SHA-256:
6538ac57743470772f9e65ca0cb37a0ec561be404796294718516d35fecd329b

Scanner detections:
23 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/25/2024 5:49:31 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | TR/Trash.Gen | 7.11.171.26 |
| avast! | Win32:Crossrider-N [PUP] | 2014.9-140910 |
| AVG | Generic | 2015.0.3356 |
| Baidu Antivirus | Adware.Win32.GoogUpdate | 4.0.3.14910 |
| Comodo Security | ApplicUnwnt | 19353 |
| Dr.Web | Trojan.Crossrider.27193 | 9.0.1.0253 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AJ (variant) | 8.10337 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 9/10/2014 |
| F-Prot | W32/A-eb9ef301 | v6.4.7.1.166 |
| G Data | Win32.Adware.Crossrider | 14.9.24 |
| IKARUS anti.virus | PUA.CrossRider | t3scan.1.7.5.0 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3275 |
| Malwarebytes | PUP.Optional.HQPure.A | v2014.07.29.09 |
| McAfee | Artemis!497DD0184FF2 | 5600.7012 |
| NANO AntiVirus | Riskware.Win32.CrossRider.dcwyik | 0.28.2.61861 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.29.09 |
| Reason Heuristics | PUP.SailorProject.g | 14.7.29.21 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.14727 |
| Sophos | AppRider | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10369 |
| Trend Micro House Call | Suspicious_GEN.F47V0723 | 7.2.253 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |
| VIPRE Antivirus | Crossrider | 32658 |

File size:
379.4 KB (388,456 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
SmartSaver+ 15.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\smartsaver+ 15\3cab731d-dbb5-4a5d-b3df-0e51ba9f975e-2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 9:00:00 PM

Valid to:
7/18/2015 8:59:59 PM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/22/2014 7:04:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:S0NXQJoBOQyDL+icOJtR9yG+TiZ3fzvUpTBJbpH1:S0NJO//PnRgbTiZvzvUpTbbP

Entry address:
0x2FC31

Entry point:
E8, 7E, 8F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C8, 9E, 45, 00, E8, 09, 25, 00, 00, E8, 89, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 6A, 60, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
288 KB (294,912 bytes)

Scheduled Task
Task name:
3cab731d-dbb5-4a5d-b3df-0e51ba9f975e-2

Trigger:
Logon (Runs on logon)

Action:
3cab731d-dbb5-4a5d-b3df-0e51ba9f975e-2.exe \kloplv \fxyintq='smartsaver+ 15' \fhawjde=48928 \


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)
