» hezik.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

hezik.exe

Sense

Morgan Enter Mode

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application hezik.exe by Morgan Enter Mode has been detected as adware by 24 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named HEZIK triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

hezik.exe

Publisher:

Object Browser (signed by Morgan Enter Mode)

Product:

Sense

Description:

Sense exe

Version:

1000.1000.1000.1000

MD5:

719b91b08cb080b233e90cb2424f2884

SHA-1:

507406e43e3dae81efc2b53c4185a56a8baec54d

SHA-256:

f93d079fb01f948c90b31a25724015cc12f131fff3ae6836075ab0ee245ebac8

Scanner detections:

24 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:

4/19/2024 8:55:41 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Plush.1

825

AhnLab V3 Security

PUP/Win32.CrossRider

2014.10.22

Avira AntiVirus

ADWARE/Adware.Gen4

7.11.180.70

AVG

Morgan

2015.0.3314

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141022

Bitdefender

Gen:Variant.Adware.Plush.1

1.0.20.1530

Comodo Security

Application.Win32.Plush.GRI

19893

Dr.Web

Trojan.Crossrider.36626

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Plush

8.14.11.02.10

ESET NOD32

Win32/Toolbar.CrossRider.AX (variant)

8.10600

Fortinet FortiGate

W32/GoogUpdate.AX!tr

11/2/2014

F-Prot

W32/A-1a27c920

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Plush.1

11.2014-02-11_1

G Data

Win32.Adware.Crossrider

14.10.24

K7 AntiVirus

Unwanted-Program

13.185.13802

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.494

Malwarebytes

PUP.Optional.Sense.A

v2014.10.22.02

McAfee

Artemis!719B91B08CB0

5600.6970

MicroWorld eScan

Gen:Variant.Adware.Plush.1

15.0.0.918

NANO AntiVirus

Trojan.Win32.Crossrider.dgzjsr

0.28.2.62841

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.Task.MorganEnterMode.F

14.10.22.1

Sophos

Generic PUA FA

4.98

VIPRE Antivirus

Threat.4789396

33706

File size:

1.9 MB (1,943,456 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Sense.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\hezik.exe

Digital Signature

Signed by:

Morgan Enter Mode

Authority:

COMODO CA Limited

Valid from:

8/27/2014 7:00:00 PM

Valid to:

8/28/2015 6:59:59 PM

Subject:

CN=Morgan Enter Mode, O=Morgan Enter Mode, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00E247EA066029B70533C15792B60ED4D8

File PE Metadata

Compilation timestamp:

10/20/2014 2:35:56 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:s2jj7GXm7vzTQl0nqGG5nev/pSEFTPZ1V1DzE:RAybTUkqb3N

Entry address:

0xEBB91

Entry point:

E8, D7, FF, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 0A, 01, 01, 00, 3B, 30, 7C, 07, E8, 01, 01, 01, 00, 8B, 30, E8, F4, 00, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, F3, 5E, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 20, BE, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 0D, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 20, BE, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 6E, ED... 
[+]

Code size:

1.1 MB (1,110,528 bytes)

Scheduled Task

Task name:

HEZIK

Trigger:

Logon (Runs on logon)

The file hezik.exe has been discovered within the following program.

Sense by Object Browser

Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.

85% remove it

Remove hezik.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.