home

4b527752-7a7b-4cd3-a881-a52cc99f21f0-10.exe

Browsers App

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. The application 4b527752-7a7b-4cd3-a881-a52cc99f21f0-10.exe by Sailor Project has been detected as adware by 18 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
app  (signed by Sailor Project)

Product:
Browsers App

Description:
Browsers App exe

Version:
1000.1000.1000.1000

MD5:
fa8f4b166f7567829a251574a56a1bc0

SHA-1:
e16ce0e9cecfbe6c870bd879ab4551211bb5d289

SHA-256:
538d0a00fd6c5e10c1fd7b2b1c1a27d9424947ae9621aa4dc6cbbaa561f2570a

Scanner detections:
18 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/19/2024 5:53:16 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/CrossRider.Gen2
7.11.164.82

AVG
Generic
2015.0.3345

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.14920

Comodo Security
ApplicUnwnt
19039

Dr.Web
Trojan.Crossrider.17413
9.0.1.0263

ESET NOD32
Win32/Toolbar.CrossRider.AG potentially unwanted application
8.7.0.302.0

Fortinet FortiGate
Riskware/Toolbar_CrossRider
9/20/2014

herdProtect (fuzzy)
variant of 57889699-e09d-45e5-93ff-14ee32eeb35c-10.exe (Adware)
2014.12.3.10

IKARUS anti.virus
not-a-virus:WebToolbar.CrossRider
t3scan.1.6.1.0

Kaspersky
Trojan.NSIS.GoogUpdate
14.0.0.2854

Malwarebytes
PUP.Optional.InfoHD.A
v2014.12.03.05

McAfee
Artemis!FA8F4B166F75
5600.7001

Panda Antivirus
Trj/Genetic.gen
14.09.20.09

Qihoo 360 Security
Win32/Trojan.fb4
1.0.0.1015

Reason Heuristics
PUP.Crossrider.Task.h
14.9.20.21

Sophos
Generic PUA OB
4.98

Trend Micro House Call
Suspicious_GEN.F47V0728
7.2.263

VIPRE Antivirus
Threat.4789396
31208

File size:
371.9 KB (380,776 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Browsers App.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\browsers app\4b527752-7a7b-4cd3-a881-a52cc99f21f0-10.exe

Digital Signature
Signed by:
Sailor Project

Authority:
COMODO CA Limited

Valid from:
7/17/2014 7:00:00 PM

Valid to:
7/18/2015 6:59:59 PM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/28/2014 8:24:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:aEwlU44dFo7G59YqSg8OGu6nMqtcS19pTB0LQseRu:aEwdIoQ9Gu6M+t19pTq/

Entry address:
0x2838B

Entry point:
E8, 55, AD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9...
 
[+]

Entropy:
6.4094

Code size:
275.5 KB (282,112 bytes)

Scheduled Task
Task name:
4b527752-7a7b-4cd3-a881-a52cc99f21f0-10

Trigger:
Logon (Runs on logon)


Remove 4b527752-7a7b-4cd3-a881-a52cc99f21f0-10.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.