deals plugin extension-bg.exe

Deals Plugin Extension

Innovative Apps

This file is part of a distribution package classified as adware and distributed by 50onRed. The adware interacts with the installed web browsers to inject ads and to modify the default search provider and homepage. The application deals plugin extension-bg.exe, described as "Deals Plugin Extension exe", has been detected as adware by 11 anti-malware scanners. Built on the Crossrider web browser extension platform, the BG executable is a background process that manages various functions of the extensions installed in the user's browser, including installation, updates and downloading of remote code.
Publisher:
Innovative Apps

Product:
Deals Plugin Extension

Description:
Deals Plugin Extension exe

Version:
1.1.153.47

MD5:
1f038620073481a6df0e7a4557cec1ee

SHA-1:
d24cb755fc1dd9b0abbe8931faa14cb28aa5806f

SHA-256:
4267d39ff255bfecb31a77458f8518989636f38bc6e25be9e453e5b4dc2fd798

Scanner detections:
11 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/23/2024 4:18:13 PM UTC

Scan engine         Detection                              Engine version
Avira AntiVirus     Adware/CrossRider.A.6473               7.11.156.20
avast!              Win32:Installer-M [Adw]                2014.9-140406
Baidu Antivirus     Adware.Win32.Agent                     4.0.3.1425
Bkav FE             W32.Clod704.Trojan                     1.3.0.4613
ESET NOD32          Win32/Toolbar.CrossRider (variant)     8.9187
G Data              Win32.Trojan.Agent.U0R9S6              14.4.22
K7 AntiVirus        Unwanted-Program                       13.180.12484
Malwarebytes        Spyware.Password                       v2014.04.06.06
Reason Heuristics   Trojan.Adw.InnovativeApps.Z            14.2.5.1
Sophos              AppRider                               4.98
VIPRE Antivirus     Crossrider                             24484

File size:
1.4 MB (1,496,576 bytes)

Product version:
1.1.153.47

Copyright:
Copyright 2011

Original file name:
Deals Plugin Extension.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\deals plugin extension\deals plugin extension-bg.exe

File PE Metadata
Compilation timestamp:
4/3/2013 11:51:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:v7bZCjqas5Xic/e5RbYheGtptUsRgQ+PjxcEykQqHNuquXvSMT61c5Kw:jbZCjTeXic25RUh5tptUsRgQ+PNDBHh0

Entry address:
0xEF2AD

Entry point:
E8, B0, AB, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 38, AB, 56, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 3C, AB, 56, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 85, 0E, 00, 00, 85, C0, 75, 06, B8, A0, AC, 56, 00, C3, 83, C0, 08, C3, E8, 72, 0E, 00, 00, 85, C0, 75, 06, B8, A4, AC, 56, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...

Entropy:
6.5761

Code size:
1.2 MB (1,249,280 bytes)

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to a23-215-105-90.deploy.static.akamaitechnologies.com (23.215.105.90:80)

TCP (HTTP):
Connects to a23-63-227-122.deploy.static.akamaitechnologies.com (23.63.227.122:80)
