» lucky savings-bg.exe
Overview
Analysis
File Details
Programs (1)

lucky savings-bg.exe

Lucky Savings

Excellent Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application lucky savings-bg.exe, “Lucky Savings exe” by Excellent Apps has been detected as adware by 18 anti-malware scanners. This file is typically installed with the program Lucky Savings by 215 Apps which is a potentially unwanted software program. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads.

File name:

Publisher:

215 Apps (signed by Excellent Apps)

Product:

Lucky Savings

Description:

Lucky Savings exe

Version:

1.1.153.69

MD5:

61eb68a0b7348f22a264544379abc831

SHA-1:

12bda65149ef4c4ff27b01ab7728ace47ad35ad6

SHA-256:

aec19b29efad6526b767224b86241abeef80e198a9e27cd0388a077ed9c24cca

Scanner detections:

18 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Excellent Apps.

Analysis date:

4/17/2024 11:54:25 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.CrossRider

7.1.1

Avira AntiVirus

ADWARE/CrossRider.Gen2

8.3.1.6

avast!

Win32:Crossrider-AI [PUP]

2014.9-160126

AVG

Potentially harmful program Crossrider

2017.0.2852

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

ApplicUnwnt

19325

Dr.Web

Adware.Plugin.918

9.0.1.026

ESET NOD32

Win32/Toolbar.CrossRider.H potentially unwanted application

10.7.0.302.0

G Data

Win32.Trojan.Agent.WQ2Y1M

16.1.22

K7 AntiVirus

Unwanted-Program

13.204.16151

Malwarebytes

PUP.Optional.LuckySavings.A

v2016.01.26.08

NANO AntiVirus

Riskware.Win32.CrossRider.dgrdtp

0.30.24.1636

Reason Heuristics

PUP.50OnRed.ExcellentApps (M)

16.1.26.20

Sophos

AppRider

4.98

SUPERAntiSpyware

Adware.CrossRider/Variant

9361

Trend Micro House Call

TROJ_GEN.F47V0325

7.2.26

VIPRE Antivirus

GamePlayLabs

40896

Zillya! Antivirus

Adware.Agent.Win32.60006

2.0.0.2209

File size:

1 MB (1,054,600 bytes)

Product version:

1.1.153.69

Original file name:

Lucky Savings.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\lucky savings\lucky savings-bg.exe

Digital Signature

Signed by:

Excellent Apps

Authority:

Thawte, Inc.

Valid from:

8/28/2012 5:00:00 PM

Valid to:

8/29/2013 4:59:59 PM

Subject:

CN=Excellent Apps, O=Excellent Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

6D2FB6375D3A8788B735FEDBD060732B

File PE Metadata

Compilation timestamp:

2/11/2013 6:32:28 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:DR8v9USJo/iXPheY5bv6XZMZnfaBhlEfSSt2QiTvAbP:Dk9/o/WPheY5bv6XSnCBISA2QiTvAbP

Entry address:

0x97C8E

Entry point:

E8, EB, AC, 00, 00, E9, 89, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, 62, C6, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, E8, EF, 4F, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01... 
[+]

Entropy:

6.5553

Code size:

853 KB (873,472 bytes)

The file lucky savings-bg.exe has been discovered within the following program.

Lucky Savings by 215 Apps

Lucky Savings from 50onRed installs a web browser plugin that displays coupon deals and other advertisements when users visit various online shopping sites.

www.50onred.com

87% remove it

Remove lucky savings-bg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.