home

GiantSavings.exe

Giant Savings

Amazing Apps

This is the installer application for a 50onRed advertising supported software package (displays ads in the browser and may hijack the home and search pages of the web browser). The application GiantSavings.exe, “Giant Savings Installer” by Amazing Apps has been detected as adware by 21 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
215 Apps  (signed by Amazing Apps)

Product:
Giant Savings

Description:
Giant Savings Installer

Version:
1.18.149.149

MD5:
9f8e74b1dc9b07d7dcc3d48b299474ba

SHA-1:
50c9a59165ff5b83f9b5d84d5f9744ac86c14722

SHA-256:
cc6491a1d81f3bcfdd290e68a4369da7a24549dd0c9c5c66441456dedf42097b

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/26/2024 5:45:13 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.554623
1133

Baidu Antivirus
Trojan.Win32.Toolbar
4.0.3.131126

Bitdefender
Adware.Generic.554623
1.0.20.1200

Boost by Reason
Trojan.Adw.Installer.AmazingApps.M
2013.8.28.13

Comodo Security
Heur.Suspicious
17432

Dr.Web
Adware.GamePlayLabs.31
9.0.1.0240

Emsisoft Anti-Malware
Adware.Generic.554623
8.13.08.28.01

ESET NOD32
Win32/Toolbar.CrossRider (variant)
7.9170

F-Prot
W32/VidSav.A.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.VidSaver.1
11.2013-26-11_3

G Data
Adware.Generic.554623
13.8.22

IKARUS anti.virus
Win32.SuspectCrc
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.174.10509

Malwarebytes
PUP.GamePlayLabs
v2013.08.28.01

McAfee
GamePlayLabs
5600.7181

MicroWorld eScan
Adware.Generic.554623
14.0.0.990

Quick Heal
Adware.Crossid (Not a Virus)
8.13.12.00

Reason Heuristics
PUP.Installer.AmazingApps.M
14.8.7.17

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.131227

Sophos
AppRider
4.96

VIPRE Antivirus
GamePlayLabs
24324

File size:
1.8 MB (1,860,056 bytes)

Copyright:
Copyright 215 Apps

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\giantsavings.exe

Digital Signature
Signed by:
Amazing Apps

Authority:
Thawte, Inc.

Valid from:
4/30/2012 5:00:00 PM

Valid to:
5/1/2013 4:59:59 PM

Subject:
CN=Amazing Apps, O=Amazing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2E307885017928B61D4F2CEF5EB10A05

File PE Metadata
Compilation timestamp:
1/5/2010 4:09:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
49152:y73tNnhKZCldnlmpK8fSTWKCQ7oXWBP41KbdXL:q3fnhKZCvl80TpC6kWBP4UFL

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...
 
[+]

Entropy:
7.9925  (probably packed)

Code size:
33 KB (33,792 bytes)

The file GiantSavings.exe has been seen being distributed by the following URL.

http://d3fnqfpn2r2a3x.cloudfront.net/downloader/.../GiantSavings.exe

Remove GiantSavings.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.