feven 1.5-codedownloader.exe

Feven 1.5

Brightcircle Investments Limited

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application feven 1.5-codedownloader.exe by Brightcircle Investments Limited has been detected as adware by 12 anti-malware scanners. This file is typically installed with the program Feven 1.5 by Crossrider Advanced Technologies Ltd. (Platform), which is a potentially unwanted software program. Built using the Crossrider web browser toolkit, the CodeDownloader component automatically connects to the remote API server and downloads additional code/components for the Feven extension/toolbar. The component makes a number of requests to the host app-static.crossrider.com/plugins/.../monetization/monetizationLoader.js. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Feven  (signed by Brightcircle Investments Limited)

Product:
Feven 1.5

Description:
Feven 1.5 exe

Version:
1000.1000.1000.1000

MD5:
53f2017a5f70ba4c0ba9097a46231519

SHA-1:
4b191ddd92cbfe72cdf9a3138144e7e888b146e8

Scanner detections:
12 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle Investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Brightcircle Investments Limited.

Analysis date:
6/2/2024 10:26:39 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic_r | 2015.0.3525 |
| Dr.Web | Trojan.Crossrider.19 | 9.0.1.084 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.9590 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 3/25/2014 |
| IKARUS anti.virus | AdWare.AddLyrics | t3scan.2.2.29 |
| Malwarebytes | PUP.Optional.Feven.A | v2014.03.25.11 |
| McAfee | Adware-AddLyrics | 5600.7181 |
| Microsoft Security Essentials | Adware:Win32/Feven | 1.10401 |
| NANO AntiVirus | Trojan.Win32.Crossrider.csbfcl | 0.28.0.58720 |
| Reason Heuristics | PUP.Crossrider.BrightcircleInvestmentsLimited.X | 14.8.15.15 |
| Sophos | AppRider | 4.98 |
| VIPRE Antivirus | Crossrider | 27724 |

File size:
480.4 KB (491,880 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Feven 1.5.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\feven 1.5\feven 1.5-codedownloader.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2013 2:33:54 PM

Valid to:
3/8/2016 2:33:54 PM

Subject:
CN=Brightcircle Investments Limited, O=Brightcircle Investments Limited, L=Nicosia, S=Strovolos, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
047F36483DC84C

File PE Metadata
Compilation timestamp:
8/12/2013 11:43:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:JNTaAM0saTRAQltE+8TXFlSNNkoqcVzusljYmJtrqGGvPQgXXLhTDAcBw/pT6:JNT141ztFTXqhT6

Entry address:
0x45249

Entry point:
E8, FA, B4, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB...
 

Code size:
382 KB (391,168 bytes)

The file feven 1.5-codedownloader.exe has been discovered within the following program.

Feven 1.5  by Crossrider Advanced Technologies Ltd. (Platform)
Feven is a web browser extension that changes the browser's search and home pages as well as delivers.
crossrider.com
87% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)
http://update.srvstatsdata.com/installer_updates/003198/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
