ghostery-ie.exe

Ghostery IE

Evidon, Inc.

The application ghostery-ie.exe, “Ghostery IE Installer” by Evidon has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from crossrider.com.
Publisher:
Evidon Inc.  (signed by Evidon, Inc.)

Product:
Ghostery IE

Description:
Ghostery IE Installer

Version:
1.28.153.4

MD5:
c969a677951d8d0df97d28febec30f2c

SHA-1:
8eda66a9ad82ab0300d347f007e0a8b09dc21686

SHA-256:
6cdde03ffef13850367ff02110d5a1a4e3a0fb88983885e3566488f0737c366b

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
9/30/2020 7:01:48 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.ScrambleWrapper
7.1.1

Bkav FE
HW32.CDB
1.3.0.4959

Dr.Web
Trojan.Crossrider.5
9.0.1.0285

ESET NOD32
Win32/Packed.ScrambleWrapper
8.9751

Malwarebytes
PUP.Optional.AdLyrics
v2014.10.12.11

VIPRE Antivirus
Crossrider
28798

File size:
2.5 MB (2,656,440 bytes)

Copyright:
Copyright Evidon Inc.

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
3/14/2011 5:30:00 AM

Valid to:
3/14/2014 5:29:59 AM

Subject:
CN="Evidon, Inc.", O="Evidon, Inc.", STREET=28 W. 44th St., STREET=Ste. 800, L=New York, S=NY, PostalCode=10036, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A360D17B416CE4A553A541F18C27640A

File PE Metadata
Compilation timestamp:
2/19/2012 8:31:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
49152:SMq2X6YL852gVXV7fEQuhd6q1eW6p4TPWc3FsRJZoky7xmf0QzKD:GMi2gVx4d60eW6KTPVwsFaG

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.9877  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file ghostery-ie.exe has been seen being distributed by the following URL.

Remove ghostery-ie.exe - Powered by Reason Core Security