» c8177014-ce3a-4d93-a500-e870d19ee232-6.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (13)

c8177014-ce3a-4d93-a500-e870d19ee232-6.exe

Sense

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application c8177014-ce3a-4d93-a500-e870d19ee232-6.exe by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 20 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Object Browser (signed by BadFinger Project (BrightCircle Investments Limited))

Product:

Sense

Description:

Sense exe

Version:

1000.1000.1000.1000

MD5:

015222afc32726687009165244959e2b

SHA-1:

db838a05688fb5fb51139782f288d5a4e29cf48c

SHA-256:

f6180942d2848353b6fb765fe9d6f22a9b86c5de42e14ac7c4537932fccbc9c6

Scanner detections:

20 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/16/2024 5:26:59 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.yz1@k44BRdbi

776

Avira AntiVirus

ADWARE/CrossRider.Gen7

7.11.196.174

AVG

Generic

2015.0.3254

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141221

Bitdefender

Gen:Application.Heur.yz1@k44BRdbi

1.0.20.1775

Comodo Security

ApplicUnwnt

20412

ESET NOD32

Win32/Toolbar.CrossRider.BM (variant)

8.10901

Fortinet FortiGate

Adware/Adwapper

12/21/2014

F-Secure

Gen:Application.Heur.yz1@k44BRdbi

11.2014-21-12_1

G Data

Gen:Application.Heur.yz1@k44BRdbi

14.12.24

IKARUS anti.virus

PUA.Toolbar.CrossRider

t3scan.1.8.5.0

K7 AntiVirus

Unwanted-Program

13.188.14380

Malwarebytes

PUP.Optional.Sense.A

v2014.12.21.05

McAfee

Artemis!015222AFC327

5600.6910

MicroWorld eScan

Gen:Application.Heur.yz1@k44BRdbi

15.0.0.1065

Panda Antivirus

Generic Suspicious

14.12.21.05

Qihoo 360 Security

Win32/Virus.Adware.a87

1.0.0.1015

Reason Heuristics

PUP.Crossrider.Task.g

14.12.21.5

Sophos

Generic PUA NL

4.98

VIPRE Antivirus

Crossrider

35858

File size:

1.4 MB (1,450,464 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Sense.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\sense\c8177014-ce3a-4d93-a500-e870d19ee232-6.exe

Digital Signature

Signed by:

BadFinger Project (BrightCircle Investments Limited)

Authority:

COMODO CA Limited

Valid from:

11/17/2014 2:00:00 AM

Valid to:

11/18/2015 1:59:59 AM

Subject:

CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata

Compilation timestamp:

12/14/2014 3:06:30 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:0dNlipQburx2Hq1rv3WMyuhzL3X44T7pSCIooPk8cd+HZV:0Lg1/ruMpzT7pSCEPk8cd+HZV

Entry address:

0xB48AD

Entry point:

E8, 12, 01, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, 78, 52, 00, E8, 6D, 76, 00, 00, E8, 35, 53, 00, 00, 0F, B7, F0, 6A, 02, E8, A5, 00, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, B8, 8D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.4026

Code size:

937 KB (959,488 bytes)

Scheduled Task

Task name:

c8177014-ce3a-4d93-a500-e870d19ee232-6

Trigger:

Logon (Runs on logon)

The file c8177014-ce3a-4d93-a500-e870d19ee232-6.exe has been discovered within the following program.

Sense by Object Browser

Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.

85% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to tlb.hwcdn.net (69.16.175.42:80)

TCP (HTTP):

Connects to hwcdn.net (69.16.175.10:80)

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (54.231.49.201:80)

TCP (HTTP):

Connects to ip-50-63-202-55.ip.secureserver.net (50.63.202.55:80)

TCP (HTTP):

Connects to ip-50-63-202-53.ip.secureserver.net (50.63.202.53:80)

Remove c8177014-ce3a-4d93-a500-e870d19ee232-6.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.