mypoints score 2.1-firefoxinstaller.exe

MyPoints Score 2.1

MyPoints.com

The application mypoints score 2.1-firefoxinstaller.exe, “MyPoints Score 2.1 exe” by MyPoints.com, has been detected as adware by 2 anti-malware scanners. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It also manages the Firefox SQLite connectivity. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.
Publisher:
MyPoints  (signed by MyPoints.com)

Product:
MyPoints Score 2.1

Description:
MyPoints Score 2.1 exe

Version:
1000.1000.1000.1000

MD5:
5af1437e346f5ece16659337aec58471

SHA-1:
bf7094ba4f3f14c91ac1069f18806883fed96dfc

SHA-256:
2a3dbbe76e0b54a6a4865ba8007e932273790b20378c0cbfaee4ab115cc64d91

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is MyPoints.com.

Analysis date:
4/19/2024 12:12:03 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Crossrider.MyPoints.c | 14.5.10.12
VIPRE Antivirus | Crossrider | 26110

File size:
868 KB (888,848 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
MyPoints Score 2.1.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\mypoints score 2.1\mypoints score 2.1-firefoxinstaller.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/24/2013 2:00:00 AM

Valid to:
12/25/2015 1:59:59 AM

Subject:
CN=MyPoints.com, O=MyPoints.com, STREET="50 California Street, 3rd Floor", L=San Francisco, S=Caifornia, PostalCode=94111, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008DBAF4F4240BCBA260650BCD64B226DD

File PE Metadata
Compilation timestamp:
12/29/2013 2:38:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:7Q+ddcWHHXWJnEra/bSxxESSQpx4wA+0t6Tl5qW04RS9epbcMvTWAdw9OpTp0SM:7QWauSE+/bSxxEL4vxiepYMbyCTQ

Entry address:
0x92260

Entry point:
E8, 99, EF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, 8B, 7B, 08, 33, 3D, F8, 81, 4D, 00, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 8D, 73, 10, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, 53, A1, FF, FF, 8B, 4F, 0C, 8B, 47, 08, 03, CE, 33, 0C, 30, E8, 43, A1, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, D0, 00, 00, 00, 89, 45, E8, 8B, 45, 10, 89, 45, EC, 8D, 45, E8, 89, 43, FC, 8B, 43, 0C, 89, 45, F8, 83, F8, FE, 0F, 84, EE, 00...
 

Entropy:
6.5483

Code size:
710 KB (727,040 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/001192/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
