» c254a55a-4428-4ca7-8ff7-037b10e4228f-4.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

c254a55a-4428-4ca7-8ff7-037b10e4228f-4.exe

Internet Speed Checker

Morgan Enter Mode

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application c254a55a-4428-4ca7-8ff7-037b10e4228f-4.exe, “Internet Speed Checker exe” by Morgan Enter Mode has been detected as adware by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Internet Speed Checker by Sailor Project which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Speedchecker (signed by Morgan Enter Mode)

Product:

Internet Speed Checker

Description:

Internet Speed Checker exe

Version:

1000.1000.1000.1000

MD5:

a02167274568078aada6cf4ca804fe1a

SHA-1:

d93a508315ce98d8a92ee84137e3d411aef6dab7

SHA-256:

9e10a5296f094157a681b8cb3ade916bd5dba1687c5e04e2346de325f66e4956

Scanner detections:

23 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:

4/25/2024 1:10:16 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Kazy.433849

840

AhnLab V3 Security

PUP/Win32.CrossRider

2014.10.14

Avira AntiVirus

Adware/CrossRider.pq

7.11.178.234

avast!

Win32:Crossrider-AI [PUP]

2014.9-141018

AVG

Morgan

2015.0.3318

Baidu Antivirus

Adware.Win32.CrossAd

4.0.3.141018

Bitdefender

Gen:Variant.Adware.Kazy.433849

1.0.20.1455

Dr.Web

Trojan.Crossrider.35816

9.0.1.0291

Emsisoft Anti-Malware

Gen:Variant.Adware.Kazy.433849

8.14.10.18.05

ESET NOD32

Win32/Toolbar.CrossRider.AX (variant)

8.10572

Fortinet FortiGate

Adware/Adwapper

10/19/2014

F-Secure

Gen:Variant.Adware.Kazy.433849

11.2014-18-10_7

G Data

Gen:Variant.Adware.Kazy.433849

14.10.24

IKARUS anti.virus

Trojan.GoogUpdate

t3scan.1.7.8.0

K7 AntiVirus

Unwanted-Program

13.184.13697

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.3084

Malwarebytes

PUP.Optional.InternetSpeedChecker.A

v2014.10.18.05

McAfee

Artemis!A02167274568

5600.6974

MicroWorld eScan

Gen:Variant.Adware.Kazy.433849

15.0.0.873

Panda Antivirus

Trj/Genetic.gen

14.10.18.05

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

PUP.Crossrider.Task.g

14.10.18.5

VIPRE Antivirus

Crossrider

33902

File size:

1.4 MB (1,470,368 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Internet Speed Checker.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\internet speed checker\c254a55a-4428-4ca7-8ff7-037b10e4228f-4.exe

Digital Signature

Signed by:

Morgan Enter Mode

Authority:

COMODO CA Limited

Valid from:

8/28/2014 2:00:00 AM

Valid to:

8/29/2015 1:59:59 AM

Subject:

CN=Morgan Enter Mode, O=Morgan Enter Mode, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E247EA066029B70533C15792B60ED4D8

File PE Metadata

Compilation timestamp:

10/12/2014 9:35:25 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:f1SZgCWmF2mSXFGxukdOBDKcxe/AM9VhJkUEFWf5f05ML5OIpSkOmTF8WO:f1cV2m6RkdqD9fMxJkEW5ML5OIpSkHTS

Entry address:

0xE8260

Entry point:

E8, C3, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, F6, 01, 01, 00, 3B, 30, 7C, 07, E8, ED, 01, 01, 00, 8B, 30, E8, E0, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 34, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 00, 66, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7E, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 00, 66, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 3F, EE... 
[+]

Code size:

1 MB (1,092,608 bytes)

Scheduled Task

Task name:

c254a55a-4428-4ca7-8ff7-037b10e4228f-4

Trigger:

Logon (Runs on logon)

Action:

c254a55a-4428-4ca7-8ff7-037b10e4228f-4.exe \rawdata=v2bt7czmpddabllwcxc9u859j3kro7jxq2usytmhw

The file c254a55a-4428-4ca7-8ff7-037b10e4228f-4.exe has been discovered within the following program.

Internet Speed Checker by Sailor Project

Internet Speed Checker is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

62% remove it

Remove c254a55a-4428-4ca7-8ff7-037b10e4228f-4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.