» 731b28ed-138e-45a5-af8b-7ef590e61293-5.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

731b28ed-138e-45a5-af8b-7ef590e61293-5.exe

Sense

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application 731b28ed-138e-45a5-af8b-7ef590e61293-5.exe by Naruto Source has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Object Browser (signed by Naruto Source)

Product:

Sense

Description:

Sense exe

Version:

1000.1000.1000.1000

MD5:

aa9045168cb749578a0b66c8abd290e3

SHA-1:

85d2586de6943ed4feca57a8967b2ad0869911f2

SHA-256:

e5bc7a6786e99272c01c5bf381af1aec2991fa4a36284ae48b857985248b660f

Scanner detections:

21 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:

4/19/2024 3:08:14 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Plush.2

895

AhnLab V3 Security

PUP/Win32.CrossRider

2014.08.24

Avira AntiVirus

Adware/CrossRider.pq

7.11.168.242

AVG

Generic

2015.0.3373

Bitdefender

Gen:Variant.Adware.Plush.2

1.0.20.1175

Dr.Web

Trojan.Crossrider.30148

9.0.1.0235

Emsisoft Anti-Malware

Gen:Variant.Adware.Plush

8.14.08.23.06

ESET NOD32

Win32/Toolbar.CrossRider.AH potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/CrossRider

8/23/2014

F-Secure

Gen:Variant.Adware.Plush.2

11.2014-23-08_7

G Data

Gen:Variant.Adware.Plush

14.8.24

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.494

Malwarebytes

PUP.Optional.Sense.A

v2014.08.23.06

McAfee

Artemis!AA9045168CB7

5600.7029

MicroWorld eScan

Gen:Variant.Adware.Plush.2

15.0.0.705

Panda Antivirus

Trj/Genetic.gen

14.08.23.06

Qihoo 360 Security

Win32/Virus.Adware.970

1.0.0.1015

Reason Heuristics

PUP.NarutoSource.g

14.8.22.22

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.14821

Sophos

Generic PUA IF

4.98

VIPRE Antivirus

Threat.4789396

32210

File size:

474.9 KB (486,248 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Sense.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\sense\731b28ed-138e-45a5-af8b-7ef590e61293-5.exe

Digital Signature

Signed by:

Naruto Source

Authority:

COMODO CA Limited

Valid from:

7/28/2014 8:00:00 AM

Valid to:

7/29/2015 7:59:59 AM

Subject:

CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1CE82906A7F364268F66771839675655

File PE Metadata

Compilation timestamp:

8/22/2014 6:03:43 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:m/5tlPzfvsChiDYSS2h4VJVmY6KZyn4PCFnvYad5jpTBKGiU:g5tlvsChiDYueVJVmWZPCVNd9pTk0

Entry address:

0x3C8A7

Entry point:

E8, 0E, CB, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 26, 47, 00, E8, 03, 4A, 00, 00, E8, 77, 1D, 00, 00, 0F, B7, F0, 6A, 02, E8, A1, CA, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, BF, 87, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.4878

Code size:

375.5 KB (384,512 bytes)

Scheduled Task

Task name:

731b28ed-138e-45a5-af8b-7ef590e61293-5

Trigger:

Logon (Runs on logon)

Action:

731b28ed-138e-45a5-af8b-7ef590e61293-5.exe \runupdater \agentregpath='sense' \appid=61915 \sr

The file 731b28ed-138e-45a5-af8b-7ef590e61293-5.exe has been discovered within the following program.

Sense by Object Browser

Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.

85% remove it

Remove 731b28ed-138e-45a5-af8b-7ef590e61293-5.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.