fb6b758b-841b-48a1-9306-e7d79fedf791-2.exe

Sense

Object Browser

The application fb6b758b-841b-48a1-9306-e7d79fedf791-2.exe has been detected as adware by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser, which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Object Browser

Product:
Sense

Description:
Sense exe

Version:
1000.1000.1000.1000

MD5:
f7a1dfafc8f3b39611203645446472ff

SHA-1:
58663b5f3e0de6ce3d2a2b8bc2de3c604b81b23e

SHA-256:
1495c039adfcc19293024cf3ad4171bbddf995508155affe5170cdf5ef5232e0

Scanner detections:
23 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the webpage).

Analysis date:
4/18/2024 7:34:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11463942 | 923 |
| AhnLab V3 Security | PUP/Win32.MulDrop | 2014.07.10 |
| Avira AntiVirus | Adware/CrossRider.A.15544 | 7.11.159.14 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.1471 |
| Bitdefender | Trojan.Generic.11463942 | 1.0.20.1040 |
| Comodo Security | ApplicUnwnt | 18807 |
| Emsisoft Anti-Malware | Trojan.Generic.11463942 | 8.14.07.27.01 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AJ (variant) | 8.10063 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 9/1/2014 |
| F-Prot | W32/A-eb9ef301 | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.11463942 | 11.2014-27-07_1 |
| G Data | Trojan.Generic.11463942 | 14.7.24 |
| Kaspersky | not-a-virus:AdWare.Win32.AdLoad | 14.0.0.3500 |
| Malwarebytes | PUP.Optional.PlusVid.A | v2014.07.01.02 |
| MicroWorld eScan | Trojan.Generic.11463942 | 15.0.0.624 |
| NANO AntiVirus | Riskware.Win32.AdLoad.dbzuwj | 0.28.0.60698 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.07.27.01 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.7.27.1 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0701 | 7.2.244 |
| VIPRE Antivirus | Crossrider | 31088 |

File size:
337.5 KB (345,600 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Sense.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\sense\fb6b758b-841b-48a1-9306-e7d79fedf791-2.exe

File PE Metadata
Compilation timestamp:
6/29/2014 11:03:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:1p5BojgoRgXIujR+GFUlEC3Da2HhOMO6YlgNppTBlF5Hw:1p5B7oqXPIqKOqhOMKeppTzD

Entry address:
0x2B961

Entry point:
E8, A1, 8F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 60, 14, 45, 00, E8, 09, 25, 00, 00, E8, 89, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 34, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E5, 57, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
253 KB (259,072 bytes)

Scheduled Task
Task name:
fb6b758b-841b-48a1-9306-e7d79fedf791-2

Trigger:
Logon (Runs on logon)

Action:
fb6b758b-841b-48a1-9306-e7d79fedf791-2.exe \mkfygwqe \nzpjiem='sense' \ituwgt=48292 \vfhcxapr


The file fb6b758b-841b-48a1-9306-e7d79fedf791-2.exe has been discovered within the following program.

Sense by Object Browser
Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.
85% remove it
 