d8abb253-5fd0-4908-ab1e-d15ea12b2d15-1-7.exe

SmartSaver+ 3

ColoColo Apps (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application d8abb253-5fd0-4908-ab1e-d15ea12b2d15-1-7.exe, “SmartSaver+ 3 exe” by ColoColo Apps (Bright Circle Investments), has been detected as adware by 22 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. It is distributed as part of the Brightcircle group of browser extensions.

Publisher:
smart-saverplus  (signed by ColoColo Apps (Bright Circle Investments Ltd))

Product:
SmartSaver+ 3

Description:
SmartSaver+ 3 exe

Version:
1000.1000.1000.1000

MD5:
6938f15c03aad9979a6781725acf8773

SHA-1:
a37e168ef48bca69b00e27fcc0236a43b429370e

SHA-256:
150a084da62ab424e3ef64df8a09caaa1acb1bc7117248522c3764dd4e88015a

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers. Distributed through the Brightcircle investments brand.

Analysis date:
4/19/2024 1:31:57 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Heur.av1@m8KGaZeO | 6505302 |
| AhnLab V3 Security | PUP/Win32.Solimba | 2015.02.01 |
| Avira AntiVirus | ADWARE/CrossRider.Gen7 | 7.11.206.68 |
| AVG | Generic | 2016.0.3204 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.1528 |
| Bitdefender | Gen:Application.Heur.av1@m8KGaZeO | 1.0.20.160 |
| Dr.Web | Trojan.Crossrider1.15529 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Application.Heur.av1@m8KGaZeO | 9.0.0.4799 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Application.Heur.av1@m8KGaZeO | 5.13.68 |
| G Data | Gen:Application.Heur.av1@m8KGaZeO | 15.2.25 |
| K7 AntiVirus | Unwanted-Program | 13.193.14866 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 15.0.0.543 |
| Malwarebytes | PUP.Optional.SmartSaver.A | v2015.02.01.04 |
| MicroWorld eScan | Gen:Application.Heur.av1@m8KGaZeO | 16.0.0.96 |
| NANO AntiVirus | Trojan.Win32.Crossrider1.dnioai | 0.30.0.65070 |
| Norman | Gen:Application.Heur.av1@m8KGaZeO | 02.01.2015 13:58:24 |
| Panda Antivirus | Trj/Genetic.gen | 15.02.01.04 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Adware.Crossrider.Task.Brightcircle | 15.2.10.11 |
| Sophos | Generic PUA DB | 4.98 |
| VIPRE Antivirus | Threat.4789396 | 36666 |

File size:
1 MB (1,064,920 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
SmartSaver+ 3.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\smartsaver+ 3\d8abb253-5fd0-4908-ab1e-d15ea12b2d15-1-7.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 12:00:00 AM

Valid to:
12/16/2015 11:59:59 PM

Subject:
CN=ColoColo Apps (Bright Circle Investments Ltd), O=ColoColo Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D815C7CD687694A6F4119A3535D31D7A

File PE Metadata
Compilation timestamp:
1/30/2015 11:04:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:wZH1/MhfXL7uaKSK5myZmt4vX6/xOP+0ZzM6EVQPWUH9Ry+P12y9F28WEgwdOtpZ:wB5O/xA+IzMW/N2y9F74vtpSMrTEg

Entry address:
0x9A122

Entry point:
E8, CD, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03, 00...
 
Entropy:
6.5559

Code size:
754.5 KB (772,608 bytes)

Scheduled Task
Task name:
d8abb253-5fd0-4908-ab1e-d15ea12b2d15-1-7

Trigger:
Logon (Runs on logon)

