» d44adaaa-685c-4ce3-b013-7330bd3e4014-4.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

d44adaaa-685c-4ce3-b013-7330bd3e4014-4.exe

Internet Speed Checker

Morgan Enter Mode

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application d44adaaa-685c-4ce3-b013-7330bd3e4014-4.exe, “Internet Speed Checker exe” by Morgan Enter Mode has been detected as adware by 15 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Internet Speed Checker by Sailor Project which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Speedchecker (signed by Morgan Enter Mode)

Product:

Internet Speed Checker

Description:

Internet Speed Checker exe

Version:

1000.1000.1000.1000

MD5:

041924276731e201aeb5cce2aee34746

SHA-1:

a619aaeb2daecd8e52e21ab2d626a4fce28ed683

SHA-256:

6756abf99a2a9b9ec56c5dd37e9d3057010a721d4b73fd700fef0f6f5bd03dfa

Scanner detections:

15 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/23/2024 5:13:31 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen4

7.11.179.162

AVG

Morgan

2015.0.3321

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141015

Dr.Web

Trojan.Crossrider.36133

9.0.1.05190

ESET NOD32

Win32/Toolbar.CrossRider.AX (variant)

8.10566

Fortinet FortiGate

W32/GoogUpdate.AX!tr

10/19/2014

G Data

Win32.Adware.Crossrider

14.10.24

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.494

Malwarebytes

PUP.Optional.InternetSpeedChecker.A

v2014.10.15.07

McAfee

Artemis!9636A34C2D88

5600.6972

NANO AntiVirus

Trojan.Win32.GoogUpdate.dgsjmm

0.28.2.62671

Qihoo 360 Security

Win32/Virus.Adware.de5

1.0.0.1015

Reason Heuristics

PUP.Crossrider.Task.g

14.10.15.7

Sophos

Generic PUA GI

4.98

VIPRE Antivirus

Threat.4789396

33706

File size:

1.4 MB (1,511,328 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Internet Speed Checker.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\internet speed checker\d44adaaa-685c-4ce3-b013-7330bd3e4014-4.exe

Digital Signature

Signed by:

Morgan Enter Mode

Authority:

COMODO CA Limited

Valid from:

8/28/2014 2:00:00 AM

Valid to:

8/29/2015 1:59:59 AM

Subject:

CN=Morgan Enter Mode, O=Morgan Enter Mode, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E247EA066029B70533C15792B60ED4D8

File PE Metadata

Compilation timestamp:

10/14/2014 9:39:54 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:kPoWynA3freNIXxoNhjJydpML/xRtU0xnR/TZk43MMpFXujpSpjThi2:ioCPrwjNh6MtR+0HTCMDujpSpjT/

Entry address:

0xED550

Entry point:

E8, B9, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, EC, 01, 01, 00, 3B, 30, 7C, 07, E8, E3, 01, 01, 00, 8B, 30, E8, D6, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 34, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 50, FE, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7E, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 50, FE, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 35, EE... 
[+]

Entropy:

6.6090

Code size:

1.1 MB (1,130,496 bytes)

Scheduled Task

Task name:

d44adaaa-685c-4ce3-b013-7330bd3e4014-4

Trigger:

Logon (Runs on logon)

Action:

d44adaaa-685c-4ce3-b013-7330bd3e4014-4.exe \rawdata=v2bt7czmpddabllwcxc9u859j3kro7jxq2usytmhw

The file d44adaaa-685c-4ce3-b013-7330bd3e4014-4.exe has been discovered within the following program.

Internet Speed Checker by Sailor Project

Internet Speed Checker is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

62% remove it

Remove d44adaaa-685c-4ce3-b013-7330bd3e4014-4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.