feven 1.7-updater.exe

Feven 1.7

Brightcircle Investments Limited

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application feven 1.7-updater.exe by Brightcircle Investments Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider browser extension toolkit; the Updater component is used to dynamically connects to the Crossrider API (update.srvstatsdata.com/.../{CAMP_ID}/update.json) and download additional code in order to automatically update Feven extension/toolbar. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Feven  (signed by Brightcircle Investments Limited)

Product:
Feven 1.7

Description:
Feven 1.7 exe

Version:
1000.1000.1000.1000

MD5:
a3f24aa2cde978479491e7a1bc37c60a

SHA-1:
c556530d8c43675ed443aba10434b6f701bfd1d5

SHA-256:
62e69471467ab3e2adba1a1ed41a102f1f7469b3a40f12445b181ed9076ec3f7

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. This is the updater mechanism that runs in the background as a scheduled task. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Brightcircle Investments Limited.

Analysis date:
6/1/2020 11:34:23 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Crossrider (M)
17.1.23.19

File size:
386.9 KB (396,136 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Feven 1.7.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\feven 1.7\feven 1.7-updater.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2013 2:33:54 PM

Valid to:
3/8/2016 2:33:54 PM

Subject:
CN=Brightcircle Investments Limited, O=Brightcircle Investments Limited, L=Nicosia, S=Strovolos, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
047F36483DC84C

File PE Metadata
Compilation timestamp:
10/9/2013 4:51:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x2E75C

Entry point:
E8, 5D, D0, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, C0, 45, 00, E8, DE, 47, 00, 00, E8, 5A, 1E, 00, 00, 0F, B7, F0, 6A, 02, E8, F0, CF, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 6E, 78, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
290 KB (296,960 bytes)

Scheduled Task
Task name:
Feven 1.7-updater

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

TCP (HTTP):
Connects to ssl.hwcdn.net  (205.185.208.11:80)

TCP (HTTP):
Connects to errors.srvstatsdata.com  (208.85.150.249:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)

Remove feven 1.7-updater.exe - Powered by Reason Core Security