hpsr.exe

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application hpsr.exe, "Object Browser exe" by BadFinger Project (BrightCircle Investments Limited), has been detected as adware by 30 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the BrightCircle group of browser extensions.

Publisher:
Object Browser (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
Object Browser

Description:
Object Browser exe

Version:
1000.1000.1000.1000

MD5:
df6c178b14e777a977f08da50654ea6e

SHA-1:
aa405e209c08bc44c128c185c6eeca721cea18d9

SHA-256:
73741d31349bb016ca564b53f6d8e054e6d22bc8018f6163c0da77d3f9b69846

Scanner detections:
30 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the BrightCircle Investments brand.

Analysis date:
5/9/2024 5:29:50 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.Bv1@muGijZgO | 6648269 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.03.02 |
| Avira AntiVirus | ADWARE/CrossRider.Gen7 | 7.11.213.12 |
| avast! | Win32:Adware-gen [Adw] | 150101-1 |
| AVG | Generic | 2016.0.3183 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.1532 |
| Bitdefender | Gen:Application.Heur.Bv1@muGijZgO | 1.0.20.305 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | ApplicUnwnt | 21036 |
| Dr.Web | Trojan.Crossrider.46789 | 9.0.1.061 |
| Emsisoft Anti-Malware | Gen:Application.Heur.Bv1@muGijZgO | 9.0.0.4799 |
| ESET NOD32 | Win32/Toolbar.CrossRider.CB potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/CrossRider | 3/9/2015 |
| F-Prot | W32/Crossrider.C.gen | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Application.Heur.Bv1@muGijZgO | 5.13.68 |
| G Data | Gen:Application.Heur.Bv1@muGijZgO | 15.3.25 |
| K7 AntiVirus | Unwanted-Program | 13.1915121 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.543 |
| Malwarebytes | PUP.Optional.ObjectBrowser.A | v2015.03.02.02 |
| McAfee | Program.PUP-FTK | 16.8.708.2 |
| MicroWorld eScan | Gen:Application.Heur.Bv1@muGijZgO | 16.0.0.183 |
| NANO AntiVirus | Riskware.Win32.Crossrider.dkjtff | 0.30.0.296 |
| Norman | Gen:Application.Heur.Bv1@kuGijZgO | 03.12.2014 13:20:04 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.02.02 |
| Qihoo 360 Security | Win32/Virus.Adware.a87 | 1.0.0.1015 |
| Quick Heal | PUA.BrightCircle.OD6 | 3.15.14.00 |
| Reason Heuristics | Adware.BrightCircle.ObjectBrowser | 15.3.2.2 |
| Sophos | PUA 'AppRider' (of type Adware) | 5.11 |
| VIPRE Antivirus | Threat.4789396 | 37588 |
| Zillya! Antivirus | Adware.Adwapper.Win32.2382 | 2.0.0.2085 |

File size:
1.4 MB (1,500,640 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Object Browser.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\hpsr.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/16/2014 5:00:00 PM

Valid to:
11/17/2015 4:59:59 PM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/8/2014 11:47:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:s/IUHkoVnYYXz1ljoxFgJg9vc40xVNSiBiubGl18t04x9n572ApSksZTe6B:sQUR9jfagJgq40jSUGlwxb72ApSkETD

Entry address:
0xED4EB

Entry point:
E8, 35, FE, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 68, FF, 00, 00, 3B, 30, 7C, 07, E8, 5F, FF, 00, 00, 8B, 30, E8, 52, FF, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, C9, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 20, D8, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 13, 2F, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 20, D8, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, CC, EB...

Entropy:
6.6044

Code size:
1.1 MB (1,120,256 bytes)
