home

crashsender1402.exe

CrashRpt

SIEN Internet Products Ltd

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application crashsender1402.exe, “Crash Report Delivery Module” by SIEN Internet Products has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer.
Publisher:
SIEN Internet Products Ltd  (signed and verified)

Product:
CrashRpt

Description:
Crash Report Delivery Module

Version:
1.4.0.2

MD5:
2475acef1af91e51fe98ba0a77b485be

SHA-1:
fe9246311dad34497655049edaa8ed58642e5b3b

SHA-256:
176c001786d0cbcec70814773d74cc940aa2a091014913bb48310c837b96d51a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/17/2024 8:30:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Sien.SIENInte.Bundler (M)
16.3.13.4

File size:
722.1 KB (739,440 bytes)

Product version:
1.4.0.2

Copyright:
Copyright 2003-2013 The CrashRpt Project Authors

Original file name:
CrashSender.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Common path:
C:\users\{user}\appdata\roaming\getnowupdater\update.104\bin\crashsender1402.exe

Digital Signature
Signed by:
SIEN Internet Products Ltd

Authority:
GlobalSign nv-sa

Valid from:
2/2/2015 8:13:19 PM

Valid to:
2/3/2016 8:13:19 PM

Subject:
CN=SIEN Internet Products Ltd, O=SIEN Internet Products Ltd, L=London, C=GB

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121B83795C783CB891BECAAAEEF4B5E1F5B

File PE Metadata
Compilation timestamp:
11/14/2013 12:22:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:JZv7InmEZOuH2YHfCrvdD4J7J467rPaJIpUD/HJapl40EQTip5yJK:LBEZkvdDopP6IpUD/HJwl40Fid

Entry address:
0x1BA700

Entry point:
60, BE, 00, D0, 50, 00, 8D, BE, 00, 40, EF, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
696 KB (712,704 bytes)

Remove crashsender1402.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.