» 8062332e-a62f-402b-a6a8-327ce378ef1c-64.exe
Overview
Analysis
File Details
Programs (1)

8062332e-a62f-402b-a6a8-327ce378ef1c-64.exe

power app

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application 8062332e-a62f-402b-a6a8-327ce378ef1c-64.exe by Naruto Source has been detected as adware by 10 anti-malware scanners. This file is typically installed with the program power app by Naruto Source which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Object Browser (signed by Naruto Source)

Product:

power app

Description:

power app exe

Version:

1000.1000.1000.1000

MD5:

2b1823ce4e77689ac9fe48df38633aae

SHA-1:

254329f48fcdedf2e4afbb2b251a77dd8d19cf69

SHA-256:

1827a3eaaac4f2d745b315d92df8848e30cf51e2cbb81007a6704bea46a8f872

Scanner detections:

10 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:

5/8/2024 12:08:05 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.Crossrider

7.1.1

Avira AntiVirus

ADWARE/CrossRider.Gen2

7.11.173.20

AVG

Generic

2015.0.3354

ESET NOD32

Win64/Toolbar.Crossrider (variant)

8.10436

herdProtect (fuzzy)

variant of f688e52c-284c-409a-8578-45b890452a7a-64.exe (Adware)

2014.11.5.16

IKARUS anti.virus

Trojan.GoogUpdate

t3scan.1.7.8.0

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.494

Malwarebytes

PUP.Optional.BrowserApps.A

v2014.11.05.12

Reason Heuristics

PUP.Crossrider.NarutoSource.h

14.9.11.18

VIPRE Antivirus

Crossrider

33222

File size:

1.5 MB (1,624,936 bytes)

Product version:

1000.1000.1000.1000

Original file name:

power app.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\power app\8062332e-a62f-402b-a6a8-327ce378ef1c-64.exe

Digital Signature

Signed by:

Naruto Source

Authority:

COMODO CA Limited

Valid from:

7/27/2014 7:00:00 PM

Valid to:

7/28/2015 6:59:59 PM

Subject:

CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1CE82906A7F364268F66771839675655

File PE Metadata

Compilation timestamp:

9/10/2014 5:03:52 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:fSnLAs5UIYzNEjEYbxTyu1jBMk8hbI/oEIoTh+HJRuontPU4zbf:aj5UIENEjdTyMjEfEIoTh+HjuotPUO

Entry address:

0xB5C20

Entry point:

48, 83, EC, 28, E8, 83, FE, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, 9C, 61, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, 0F, FE, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 9F, A3, F4, FF, 66, 39, 05, 98, A3, F4, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, C7, A3, F4, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89... 
[+]

Entropy:

6.2872

Code size:

941.5 KB (964,096 bytes)

The file 8062332e-a62f-402b-a6a8-327ce378ef1c-64.exe has been discovered within the following program.

power app by Naruto Source

power app is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages or displaying ads over parts of existing web page advertisements, banners, coupons or text links that would not otherwise appear.

crossrider.com/install/63439-power-app

79% remove it

Remove 8062332e-a62f-402b-a6a8-327ce378ef1c-64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.