ins_sense.exe

Selecao Technologies (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application ins_sense.exe by Selecao Technologies (Bright Circle Investments) has been detected as adware by 27 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:

MD5:
5e477ce8a3fe7d3d2a4cb05f56a2649f

SHA-1:
fe2a114b61f4a32e5f56ec7c587eb23bdfc93da6

SHA-256:
e0c85d97dc443ced746719f716faf1864778b03626dc27c5ed0bcf0af2435537

Scanner detections:
27 / 68

Status:
Adware

Explanation:
The installation part of the Crossrider toolbar platform that delivers ads into the web browser.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Selecao Technologies (Bright Circle Investments Ltd).

Analysis date:
4/25/2024 9:23:40 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.173350 | 689 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.01.25 |
| Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.204.248 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150318 |
| AVG | Win32/DH{gRIgIiUBNgA1Tg} | 2016.0.3219 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.15124 |
| Bitdefender | Gen:Variant.Adware.Graftor.173350 | 1.0.20.385 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.CrossRider.KI | 21334 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.173350 | 8.15.03.18.01 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BS potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/CrossRider | 3/18/2015 |
| F-Prot | W32/S-19af1ceb | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Graftor | 11.2015-18-03_4 |
| G Data | Gen:Variant.Adware.Graftor.173350 | 15.3.25 |
| IKARUS anti.virus | PUA.CrossRider | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.200.15196 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 15.0.0.543 |
| Malwarebytes | | v2015.01.24.10 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.173350 | 16.0.0.231 |
| NANO AntiVirus | Riskware.Win32.CrossRider.dmwukm | 0.30.0.296 |
| Panda Antivirus | Trj/Genetic.gen | 15.01.24.10 |
| Qihoo 360 Security | Win32/Virus.WebToolbar.762 | 1.0.0.1015 |
| Reason Heuristics | Adware.Crossrider.Brightcircle | 15.1.26.11 |
| Sophos | Generic PUA KG | 4.98 |
| VIPRE Antivirus | Threat.4789396 | 36694 |
| Zillya! Antivirus | Adware.CrossRider.Win32.2401 | 2.0.0.2090 |

File size:
154 KB (157,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ins_sense.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/15/2014 4:00:00 PM

Valid to:
12/16/2015 3:59:59 PM

Subject:
CN=Selecao Technologies (Bright Circle Investments Ltd), O=Selecao Technologies (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3F2791037D410A199539AA4A99F7DEB3

File PE Metadata
Compilation timestamp:
1/23/2015 9:07:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:OhJMgFrZULxgp03PSO4ABQ+0YZqMvs1C8/ehoraNUXYgnHpQu:Oh2xDQePvs1C8/ehoraNUXdH

Entry address:
0x95D4

Entry point:
E8, AD, 6A, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 34, 66, 32, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 51, 32, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 34, 66, 32, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 

Entropy:
6.4709

Code size:
107 KB (109,568 bytes)
