6919443f-4d2a-468b-811f-c035472a9288-11.exe

SmartSaver+ 3

Blondie Project (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application 6919443f-4d2a-468b-811f-c035472a9288-11.exe, "SmartSaver+ 3 exe" by Blondie Project (Bright Circle Investments), has been detected as adware by 24 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.

Publisher:
smart-saverplus  (signed by Blondie Project (Bright Circle Investments Ltd))

Product:
SmartSaver+ 3

Description:
SmartSaver+ 3 exe

Version:
1000.1000.1000.1000

MD5:
6aced1ce5d3cbd88128522e6c9c2231e

SHA-1:
22ce30798c19bfe76dcfa7088417de1911086a89

SHA-256:
9cd13960d810626e4deb0105af076e764b1e0b6285873d4365061177dc72ad8b

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/29/2024 1:35:05 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Heur.7v1@mKTh@PgO | 6687390 |
| AhnLab V3 Security | PUP/Win32.Solimba | 2015.03.03 |
| Avira AntiVirus | ADWARE/CrossRider.Gen7 | 7.11.213.54 |
| avast! | Win32:Trojan-gen | 2014.9-150302 |
| AVG | Generic | 2016.0.3182 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.1532 |
| Bitdefender | Gen:Application.Heur.7v1@mKTh@PgO | 1.0.20.305 |
| Comodo Security | Application.Win32.Plush.GRI | 21271 |
| Dr.Web | Trojan.Crossrider1.20853 | 9.0.1.061 |
| Emsisoft Anti-Malware | Gen:Application.Heur.7v1@mKTh@PgO | 9.0.0.4799 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BV potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Application.Heur.7v1@mKTh@PgO | 5.13.68 |
| G Data | Gen:Application.Heur.7v1@mKTh@PgO | 15.3.25 |
| K7 AntiVirus | Trojan | 13.200.15134 |
| Malwarebytes | PUP.Optional.SmartSaver.A | v2015.03.02.10 |
| McAfee | Program.PUP-FVY | 16.8.708.2 |
| MicroWorld eScan | Gen:Application.Heur.7v1@mKTh@PgO | 16.0.0.183 |
| Norman | Gen:Application.Heur.7v1@kKTh@PgO | 03.12.2014 13:20:04 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.02.10 |
| Qihoo 360 Security | Win32/Application.9c4 | 1.0.0.1015 |
| Quick Heal | PUA.BrightCircle.OD6 | 3.15.14.00 |
| Reason Heuristics | Adware.Crossrider.Task.Brightcircle | 15.3.2.21 |
| Sophos | Generic PUA CC | 4.98 |
| VIPRE Antivirus | Threat.4789396 | 37788 |

File size:
1.9 MB (2,022,872 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
SmartSaver+ 3.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\smartsaver+ 3\6919443f-4d2a-468b-811f-c035472a9288-11.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 2:00:00 AM

Valid to:
12/17/2015 1:59:59 AM

Subject:
CN=Blondie Project (Bright Circle Investments Ltd), O=Blondie Project (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0903CC287C7EEA81D3C21DBB234D320C

File PE Metadata
Compilation timestamp:
2/27/2015 1:05:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:1zwkuNX3f/O+QNxFJW38XBdxg5j0KkkZEGxtfzSUpSHk7THZ0HBtXf9Nt+iJeiD0:1zq/W+8JljQj4kf+UpSHmTeZ1V1Dza

Entry address:
0xF7CC1

Entry point:
E8, 5F, FD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 92, FE, 00, 00, 3B, 30, 7C, 07, E8, 89, FE, 00, 00, 8B, 30, E8, 7C, FE, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 83, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, A0, 1C, 56, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 9D, 2E, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, A0, 1C, 56, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, F6, EA...
 

Code size:
1.1 MB (1,196,544 bytes)

Scheduled Task
Task name:
6919443f-4d2a-468b-811f-c035472a9288-11

Trigger:
Logon (Runs on logon)

