» e9de11b5-6ae7-46b3-8a8c-305d310d8a1b.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

e9de11b5-6ae7-46b3-8a8c-305d310d8a1b.exe

Torpedo

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application e9de11b5-6ae7-46b3-8a8c-305d310d8a1b.exe by Naruto Source has been detected as adware by 6 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Internet Speed Checker by Sailor Project which is a potentially unwanted software program. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Naruto Source (signed and verified)

Product:

Torpedo

Version:

1.0.0.0

MD5:

6fb9da7140c5cdc869670a10e3c832d2

SHA-1:

dee9773cd8e04ad29ccb5e84985c850acd8f9076

SHA-256:

bd43c7743f8d82c04b14370129afe26ac601a40147c21dbb7c7536d07f5806c9

Scanner detections:

6 / 68

Status:

Adware

Analysis date:

4/26/2024 5:56:40 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/CrossRider.pq

7.11.170.136

AVG

Generic

2015.0.3363

IKARUS anti.virus

Trojan.GoogUpdate

t3scan.1.7.5.0

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

14.0.0.3311

Reason Heuristics

PUP.NarutoSource.e

14.9.2.17

Vba32 AntiVirus

AdWare.Adwapper

3.12.26.3

File size:

31.4 KB (32,104 bytes)

Product version:

1.0.0.0

Original file name:

TorpedoCh.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\internet speed checker\e9de11b5-6ae7-46b3-8a8c-305d310d8a1b.exe

Digital Signature

Signed by:

Naruto Source

Authority:

COMODO CA Limited

Valid from:

7/28/2014 2:00:00 AM

Valid to:

7/29/2015 1:59:59 AM

Subject:

CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1CE82906A7F364268F66771839675655

File PE Metadata

Compilation timestamp:

8/18/2014 2:08:19 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

768:+dL5HFxTS9acVNVdlG959NepeFnXi4BaX:sHX+fdlRcFn3aX

Entry address:

0x81EE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

24.5 KB (25,088 bytes)

Scheduled Task

Task name:

e9de11b5-6ae7-46b3-8a8c-305d310d8a1b

Trigger:

Logon (Runs on logon)

Action:

e9de11b5-6ae7-46b3-8a8c-305d310d8a1b.exe 001726 486fba3f332148a8864219002591ac04ie 61752 14

The file e9de11b5-6ae7-46b3-8a8c-305d310d8a1b.exe has been discovered within the following program.

Internet Speed Checker by Sailor Project

Internet Speed Checker is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

62% remove it

Remove e9de11b5-6ae7-46b3-8a8c-305d310d8a1b.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.