» ed0ff18b-9d77-41c4-8d33-4c2c16bdd9b4-2.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

ed0ff18b-9d77-41c4-8d33-4c2c16bdd9b4-2.exe

FLV Player Addon

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. The application ed0ff18b-9d77-41c4-8d33-4c2c16bdd9b4-2.exe, “FLV Player Addon exe” by Sailor Project has been detected as adware by 12 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program FLV Player Addon by Sailor Project which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

Nero (signed by Sailor Project)

Product:

FLV Player Addon

Description:

FLV Player Addon exe

Version:

1000.1000.1000.1000

MD5:

1a2d206243fedf9622da1627602db426

SHA-1:

116948faaa6f5c90c4a9b619eb9b3d5b184d4b6b

SHA-256:

ac2a30ace5c077e8c258a1c6d6011a1e800982c06c36366171f8d56412b4a6fd

Scanner detections:

12 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/19/2024 9:51:33 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen2

7.11.163.178

AVG

Generic

2015.0.3400

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.14728

ESET NOD32

Win32/Toolbar.CrossRider.AJ (variant)

8.10144

F-Prot

W32/A-eb9ef301

v6.4.7.1.166

IKARUS anti.virus

AdWare.Adload

t3scan.1.6.1.0

Malwarebytes

PUP.Optional.Enformation.A

v2014.07.28.01

Panda Antivirus

Trj/Genetic.gen

14.07.28.01

Reason Heuristics

PUP.Task.SailorProject.g

14.7.27.12

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.14726

Sophos

AppRider

4.98

VIPRE Antivirus

Crossrider

31546

File size:

379.4 KB (388,456 bytes)

Product version:

1000.1000.1000.1000

Original file name:

FLV Player Addon.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\flv player addon\ed0ff18b-9d77-41c4-8d33-4c2c16bdd9b4-2.exe

Digital Signature

Signed by:

Sailor Project

Authority:

COMODO CA Limited

Valid from:

7/17/2014 5:00:00 PM

Valid to:

7/18/2015 4:59:59 PM

Subject:

CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

47C5F145C734CD3D086C0A102176F0A1

File PE Metadata

Compilation timestamp:

7/22/2014 3:04:02 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:u0NXQJoBOQyDL+icOJtR9yG+TiZ3fzv4pTBJbpHq:u0NJO//PnRgbTiZvzv4pTbbA

Entry address:

0x2FC31

Entry point:

E8, 7E, 8F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C8, 9E, 45, 00, E8, 09, 25, 00, 00, E8, 89, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 6A, 60, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.4612

Code size:

288 KB (294,912 bytes)

Scheduled Task

Task name:

ed0ff18b-9d77-41c4-8d33-4c2c16bdd9b4-2

Trigger:

Logon (Runs on logon)

Action:

ed0ff18b-9d77-41c4-8d33-4c2c16bdd9b4-2.exe \kloplv \fxyintq='flv player addon' \fhawjde=52466

The file ed0ff18b-9d77-41c4-8d33-4c2c16bdd9b4-2.exe has been discovered within the following program.

FLV Player Addon by Sailor Project

FLV Player Addon is an ad-supported (also known as adware) web browser plugin that displays advertisements such as coupon ads in the browser that are displayed on web pages that are not associated with the plugin or would not otherwise appear.

87% remove it

Remove ed0ff18b-9d77-41c4-8d33-4c2c16bdd9b4-2.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.