» e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (7)

e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe

Sense

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 15 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Object Browser (signed by BadFinger Project (BrightCircle Investments Limited))

Product:

Sense

Description:

Sense exe

Version:

1000.1000.1000.1000

MD5:

18f81f5efe7d46f3308de16fe2c76802

SHA-1:

dcd6f1eb570dded4595b9e5175c44af86b8c0361

SHA-256:

cfc60e03f4ea9c540d1f03105b16f2b4e95685f9e9893593c6b05082a3ddebca

Scanner detections:

15 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:

4/24/2024 12:15:17 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen7

7.11.196.106

AVG

Generic

2015.0.3258

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141217

Comodo Security

ApplicUnwnt

20396

ESET NOD32

Win32/Toolbar.CrossRider.BM potentially unwanted application

7.0.302.0

G Data

Win32.Adware.Crossrider

14.12.24

IKARUS anti.virus

PUA.Toolbar.CrossRider

t3scan.1.8.5.0

K7 AntiVirus

Unwanted-Program

13.188.14354

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.543

Malwarebytes

PUP.Optional.Sense.A

v2014.12.17.06

McAfee

Artemis!18F81F5EFE7D

5600.6914

Panda Antivirus

Generic Suspicious

14.12.17.06

Qihoo 360 Security

Win32/Virus.Adware.a87

1.0.0.1015

Reason Heuristics

PUP.Crossrider.Task.g

14.12.17.6

VIPRE Antivirus

Threat.4789396

35418

File size:

1.3 MB (1,407,968 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Sense.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe

Digital Signature

Signed by:

BadFinger Project (BrightCircle Investments Limited)

Authority:

COMODO CA Limited

Valid from:

11/17/2014 8:00:00 AM

Valid to:

11/18/2015 7:59:59 AM

Subject:

CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata

Compilation timestamp:

12/16/2014 9:06:14 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:9JlRtSflbxxO4VOsCtkQqkOTATFT2pSNMOIOQAy5QTy+D5T:9JoljAs4zqkT2pSNMOIO/y5QTy+D5T

Entry address:

0xAC84D

Entry point:

E8, 12, 01, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D0, E0, 51, 00, E8, 6D, 76, 00, 00, E8, 34, 53, 00, 00, 0F, B7, F0, 6A, 02, E8, A5, 00, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 18, 8E, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.3426

Code size:

872 KB (892,928 bytes)

Scheduled Task

Task name:

e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6

Trigger:

Logon (Runs on logon)

Action:

e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe \rawdata=uxxsiyzoy09sfhqtt\9hilh9zakj5t0r9r887hsqu

The file e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe has been discovered within the following program.

Sense by Object Browser

Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.

85% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ip-184-168-221-61.ip.secureserver.net (184.168.221.61:80)

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (54.231.81.122:80)

TCP (HTTP):

Connects to ip-50-63-202-55.ip.secureserver.net (50.63.202.55:80)

TCP (HTTP):

Connects to ip-50-63-202-61.ip.secureserver.net (50.63.202.61:80)

Remove e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.