color my facebook-chromeinstaller.exe

Color My Facebook

Safari Developer: (ZMLURJCR77) duvalaugustin@gmail.com

The application color my facebook-chromeinstaller.exe, “Color My Facebook exe” by Safari Developer: (ZMLURJCR77) duvalaugustin@gmail.com has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file utilizes the Crossrider browser extension platform. ChromeInstaller is the component designed to install and manage the extension's Google Chrome integration. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.
Publisher:
Duval (signed by Safari Developer: (ZMLURJCR77) duvalaugustin@gmail.com)

Product:
Color My Facebook

Description:
Color My Facebook exe

Version:
1000.1000.1000.1000

MD5:
83a289c9f249130c6045de0ee60f40d0

SHA-1:
bfc17ad93a0108c98f45c7c45b1f75c3ae430a28

SHA-256:
dc10b42c78af240d24a74c0d81749f168bf6956e4bdb486b636a64543e969d5e

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Google Chrome.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Safari Developer: (ZMLURJCR77) duvalaugustin@gmail.com.

Analysis date:
4/25/2024 9:17:01 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider (M)

Engine version:
16.7.23.20

File size:
767.6 KB (786,008 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Color My Facebook.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\color my facebook\color my facebook-chromeinstaller.exe

Digital Signature
Authority:
Apple Inc.

Valid from:
7/15/2012 2:25:00 PM

Valid to:
7/15/2013 2:25:00 PM

Subject:
C=FR, CN=Safari Developer: (ZMLURJCR77) duvalaugustin@gmail.com, OID.0.9.2342.19200300.100.1.1=3MV9W8EA58

Issuer:
CN=Apple Worldwide Developer Relations Certification Authority, OU=Apple Worldwide Developer Relations, O=Apple Inc., C=US

Serial number:
24A43EE61F285A43

File PE Metadata
Compilation timestamp:
11/26/2013 7:11:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:iEWoa5gQmjtKcKys08ZncAjbiTd8xMhgaWAAX5+BVUAPThWvsdwqpTy93:iEy5lmJo0IceiTd8xMhEXoVUO0iTW

Entry address:
0x7F669

Entry point:
E8, 8A, D9, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, B1, 4B, 00, E8, 41, 41, 00, 00, E8, D3, 1D, 00, 00, 0F, B7, F0, 6A, 02, E8, 1D, D9, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E1, 75, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.5695

Code size:
625.5 KB (640,512 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com (69.16.175.42:80)
http://update.srvstatsdata.com/installer_updates/007651/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com (69.16.175.10:80)

Remove color my facebook-chromeinstaller.exe - Powered by Reason Core Security