8a4da2f0-6def-4f34-ab69-a1c786022b55-4.exe

SavePass 1.1

OB

The application 8a4da2f0-6def-4f34-ab69-a1c786022b55-4.exe has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform; while the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address sage.parklogic.com on port 80 using the HTTP protocol.
Publisher:
OB

Product:
SavePass 1.1

Description:
SavePass 1.1 exe

Version:
1000.1000.1000.1000

MD5:
952c5905b991643f33760bfea9408f31

SHA-1:
cc96398742b4d8cdcd051a032477dde1da89544b

SHA-256:
b3ebfc82ddef02401382281ed864fa2bad299aee59a1be604e54924d912f4ae5

Scanner detections:
21 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/24/2024 5:29:07 PM UTC

Scan engine | Detection | Engine version

Lavasoft Ad-Aware | Gen:Application.Heur.Bv0@mWeukZeO | 625
AhnLab V3 Security | PUP/Win32.CrossRider | 2015.05.20
Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.1.6
avast! | Win32:Evo-gen [Susp] | 2014.9-150520
Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15520
Bitdefender | Gen:Application.Heur.Bv0@mWeukZeO | 1.0.20.700
Comodo Security | Application.Win32.CrossRider.CK | 22176
Dr.Web | Trojan.Crossrider1.31167 | 9.0.1.0142
ESET NOD32 | Win32/Toolbar.CrossRider.CH potentially unwanted (variant) | 9.11651
F-Secure | Gen:Application.Heur.Bv0@mWeukZeO | 11.2015-20-05_4
G Data | Gen:Application.Heur.Bv0@mWeukZeO | 15.5.25
IKARUS anti.virus | PUA.Plush | t3scan.1.8.9.0
Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.2011
Malwarebytes | PUP.Optional.SavePass.A | v2015.05.20.06
McAfee | PUP-FVY | 5600.6759
MicroWorld eScan | Gen:Application.Heur.Bv0@mWeukZeO | 16.0.0.420
Panda Antivirus | Trj/Genetic.gen | 15.05.20.06
Reason Heuristics | Adware.Crossrider | 15.5.20.14
Sophos | Generic PUA PK | 4.98
SUPERAntiSpyware | Adware.SavePass/Variant | 9863
VIPRE Antivirus | Threat.4150696 | 40418

File size:
1.4 MB (1,492,992 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
SavePass 1.1.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\savepass 1.1\8a4da2f0-6def-4f34-ab69-a1c786022b55-4.exe

File PE Metadata
Compilation timestamp:
5/19/2015 8:04:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:QvpxERwouUi2PGxG5R4la04xz3v0/lBiv73kUCd5gxCzH6pSOVTgFD:QvDtj1g5R4w0oz/Eu7CMCzH6pSOVTw

Entry address:
0xE693A

Entry point:
E8, 3C, FE, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 6F, FF, 00, 00, 3B, 30, 7C, 07, E8, 66, FF, 00, 00, 8B, 30, E8, 59, FF, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, CA, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 90, 57, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 14, 2F, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 90, 57, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, D3, EB...

Code size:
1 MB (1,092,608 bytes)

Scheduled Task
Task name:
8a4da2f0-6def-4f34-ab69-a1c786022b55-4

Trigger:
Logon (Runs on logon)
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to sage.parklogic.com (69.39.236.56:80)

TCP (HTTP):
Connects to unknown.prolexic.com (72.52.4.90:80)

Powered by Reason Core Security