kszyzl.exe

Sense

Sara Kodama Project

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application kszyzl.exe by Sara Kodama Project has been detected as adware by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named KSZYZL triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Object Browser  (signed by Sara Kodama Project)

Product:
Sense

Description:
Sense exe

Version:
1000.1000.1000.1000

MD5:
0400153cfeeb2d50c0e549e84badbef4

SHA-1:
f5bf376a05e68fb0bbe901a8c2546b446efb0143

SHA-256:
16e30e2b0067cf65eeab5bf83cb21eb192fb4826f149ccf9a18e4a5c0440291c

Scanner detections:
23 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
11/14/2018 4:29:34 AM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Plush.1
803

AhnLab V3 Security
PUP/Win32.CrossRider
2014.11.10

Avira AntiVirus
ADWARE/CrossRider.Gen7
7.11.183.220

avast!
Win32:Crossrider-AI [PUP]
141025-0

AVG
Generic
2015.0.3295

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.14119

Bitdefender
Gen:Variant.Adware.Plush.1
1.0.20.1640

Comodo Security
Application.Win32.Plush.GRI
20033

Emsisoft Anti-Malware
Gen:Variant.Adware.Plush
8.14.11.24.11

ESET NOD32
Win32/Toolbar.CrossRider.AX (variant)
8.10695

Fortinet FortiGate
Adware/Adwapper
11/24/2014

F-Secure
Gen:Variant.Adware.Plush.1
11.2014-24-11_2

G Data
Win32.Adware.Crossrider
14.11.24

IKARUS anti.virus
PUA.Toolbar.CrossRider
t3scan.1.8.3.0

Kaspersky
Trojan.NSIS.GoogUpdate
15.0.0.494

Malwarebytes
PUP.Optional.Sense.A
v2014.11.09.01

McAfee
Artemis!96D2CE4A0404
5600.6937

MicroWorld eScan
Gen:Variant.Adware.Plush.1
15.0.0.984

Panda Antivirus
Trj/Genetic.gen
14.11.24.11

Qihoo 360 Security
Win32/Virus.Adware.a87
1.0.0.1015

Reason Heuristics
PUP.Task.SaraKodamaProject.G
14.11.10.14

Sophos
Generic PUA NN
4.98

VIPRE Antivirus
Threat.4789396
34232

File size:
1.9 MB (2,025,376 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Sense.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\kszyzl.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/20/2014 2:00:00 AM

Valid to:
10/21/2015 1:59:59 AM

Subject:
CN=Sara Kodama Project, O=Sara Kodama Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75E47031A737D2A200F0C7A94034399F

File PE Metadata
Compilation timestamp:
11/8/2014 9:37:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:/5o9F2u/nsDN30+E2WbVap3MjISpSIiT9Z1V1Dzf:xo9ZPeE5Rap3Mgj

Entry address:
0xF5991

Entry point:
E8, 67, FD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 9A, FE, 00, 00, 3B, 30, 7C, 07, E8, 91, FE, 00, 00, 8B, 30, E8, 84, FE, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 83, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 80, ED, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 9D, 2E, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 80, ED, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, FE, EA...
 
[+]

Code size:
1.1 MB (1,187,328 bytes)

Scheduled Task
Task name:
KSZYZL

Trigger:
Logon (Runs on logon)


The file kszyzl.exe has been discovered within the following program.

Sense  by Object Browser
Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.
85% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-50-63-202-59.ip.secureserver.net  (50.63.202.59:80)

Remove kszyzl.exe - Powered by Reason Core Security