home

pingle savebar-buttonutil64.exe

Pingle SaveBar

Reddoor media group co.,Ltd

The application pingle savebar-buttonutil64.exe, “Pingle SaveBar exe” by Reddoor media group co.,Ltd has been detected as adware by 17 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Reddoor  (signed by Reddoor media group co.,Ltd)

Product:
Pingle SaveBar

Description:
Pingle SaveBar exe

Version:
1000.1000.1000.1000

MD5:
4dc0a6bec5c4a2a417a9dc5467fcd45f

SHA-1:
5c55dd1854d82af85d757b14d88786acc3f784dd

SHA-256:
986df02e1f7ffb1f676252b2c4bd924778eeb4fd312930ddc331f64d6d47e4c0

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install new code and Javascript updates for the extension.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Reddoor media group co.,Ltd.

Analysis date:
4/25/2024 10:13:36 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.585693
1034

Baidu Antivirus
HackTool.Win64.Crossrider
4.0.3.1446

Bitdefender
Adware.Generic.585693
1.0.20.480

Bkav FE
W32.Clod9bc.Trojan
1.3.0.4613

Dr.Web
Trojan.Crossrider.1
9.0.1.096

Emsisoft Anti-Malware
Adware.Generic.585693
8.14.04.06.11

ESET NOD32
Win64/Toolbar.Crossrider (variant)
8.9178

Fortinet FortiGate
Adware/Fam.NB
4/6/2014

F-Secure
Adware.Generic.585693
11.2014-06-04_1

G Data
Adware.Generic.585693
14.4.22

herdProtect (fuzzy)
variant of hdvid codec v1-buttonutil64.exe (Adware)
2014.4.6.23

K7 AntiVirus
Trojan
13.174.10530

Malwarebytes
PUP.Optional.HDvidCodec.A
v2014.04.06.11

McAfee
Artemis!09E1271B51C6
5600.7168

MicroWorld eScan
Adware.Generic.585693
15.0.0.288

Reason Heuristics
PUP.Crossrider.ReddoormediagroupcoLtd.BB
14.5.9.10

VIPRE Antivirus
Crossrider
24424

File size:
436.4 KB (446,872 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Pingle SaveBar.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\pingle savebar\pingle savebar-buttonutil64.exe

Digital Signature
Signed by:
Reddoor media group co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
6/12/2013 8:00:00 AM

Valid to:
6/13/2014 7:59:59 AM

Subject:
CN="Reddoor media group co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Reddoor media group co.,Ltd", L=Taipei, S=Taipei, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07044F2CDD35722B453856E51ABEFE92

File PE Metadata
Compilation timestamp:
6/26/2013 10:50:58 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:0kKKyxFHQqhAC7eV4KDtV/RZ+9qOeEt3mT5GGzc75meZdKecpICTBJHJo2Gv:nKKyxz5qpnQAOemZZ3CTn9Gv

Entry address:
0x30288

Entry point:
48, 83, EC, 28, E8, 8F, B3, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 40, 55, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 50, 48, 8D, 6C, 24, 40, 48, 89, 5D, 40, 48, 89, 75, 48, 48, 89, 7D, 50, 48, 8B, 05, 2E, 75, 03, 00, 48, 33, C5, 48, 89, 45, 08, 8B, 5D, 60, 33, FF, 4D, 8B, F1, 45, 8B, F8, 89, 55, 00, 85, DB, 7E, 2A, 44, 8B, D3, 49, 8B, C1, 41, FF, CA, 40, 38, 38, 74, 0C, 48, FF, C0, 45, 85, D2, 75, F0, 41, 83, CA, FF, 8B, C3, 41, 2B, C2, FF, C8, 3B, C3, 8D, 58, 01, 7C, 02, 8B, D8, 44, 8B, 65...
 
[+]

Entropy:
6.1989

Code size:
290 KB (296,960 bytes)

Remove pingle savebar-buttonutil64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.