bobylyrics-1-enabler.exe

BobyLyrics-1

Lyrics

The application bobylyrics-1-enabler.exe has been detected as adware by 22 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. By utilizing the Crossrider browser extension platform, the Enabler module is designed to manage the integration with the user's web browser and install/manage the plugin for Chrome, IE and Firefox. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.
Publisher:
Lyrics

Product:
BobyLyrics-1

Description:
BobyLyrics-1 exe

Version:
1000.1000.1000.1000

MD5:
1026802dbdef70cf491664d2b8e3fa49

SHA-1:
a3bbf2eb6edb1dfea32e3a5430b764329eb18a0e

SHA-256:
aecda94cfb691ee60e2729f63d546d237557d8c291075beaab321b039845bc58

Scanner detections:
22 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
5/1/2024 2:53:06 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.910395 | 1021
Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1
AVG | Generic5 | 2015.0.3499
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14419
Bitdefender | Adware.Generic.910395 | 1.0.20.545
Dr.Web | Trojan.Crossrider.16 | 9.0.1.0109
Emsisoft Anti-Malware | Adware.Generic.910395 | 8.14.04.19.02
ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.9671
Fortinet FortiGate | Riskware/Toolbar_CrossRider | 4/19/2014
F-Secure | Adware.Generic.910395 | 11.2014-19-04_7
G Data | Adware.Generic.910395 | 14.4.24
herdProtect (fuzzy) | | 2013.12.28.15
K7 AntiVirus | Trojan | 13.176.11737
Malwarebytes | PUP.Optional.Lyrics.A | v2014.04.19.02
McAfee | Artemis!1026802DBDEF | 5600.7155
MicroWorld eScan | Adware.Generic.910395 | 15.0.0.327
NANO AntiVirus | Trojan.Win32.Crossrider.cqktcv | 0.28.0.59048
Norman | Troj_Generic.SVOMA | 11.20140419
Reason Heuristics | PUP.Crossrider.Task.U | 14.4.19.14
Sophos | Generic PUA KD | 4.98
Trend Micro House Call | TROJ_GEN.R0CBH05BS14 | 7.2.109
VIPRE Antivirus | Crossrider | 28214

File size:
335.5 KB (343,552 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
BobyLyrics-1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\bobylyrics-1\bobylyrics-1-enabler.exe

File PE Metadata
Compilation timestamp:
8/12/2013 10:42:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:RTrS1/GCULaOv6zACdIWxprALQ93Bc6ecJSpTBNF4zqW:lrM/zUOOSzACdIWxyLQ93BApT/4

Entry address:
0x2B381

Entry point:
E8, 22, 99, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB...

Code size:
258 KB (264,192 bytes)

Scheduled Task
Task name:
BobyLyrics-1-enabler

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/008220/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
