pingle savebar-helper.exe

Reddoor media group co.,Ltd

The application pingle savebar-helper.exe by Reddoor media group co.,Ltd has been detected as adware by 21 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Reddoor media group co.,Ltd  (signed and verified)

MD5:
3c9e66fc919a2b72cd1b2bfd5813d791

SHA-1:
9e8e607731778741c18500f9bbfc30c3a4aa6b1a

SHA-256:
687c8e61b77bd943e88a7aff58a5689ee027c546f7f27c07cedbe7f05a3a3294

Scanner detections:
21 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/18/2024 10:51:50 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.590021 | 1034
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.1446
Bitdefender | Adware.Generic.590021 | 1.0.20.480
Bkav FE | W32.Clod855.Trojan | 1.3.0.4613
Dr.Web | Trojan.Crossrider.1 | 9.0.1.096
Emsisoft Anti-Malware | Adware.Generic.590021 | 8.14.04.06.11
ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.9271
Fortinet FortiGate | Adware/Fam.NB | 4/6/2014
F-Secure | Adware.Generic.590021 | 11.2014-06-04_1
G Data | Adware.Generic.590021 | 14.4.22
herdProtect (fuzzy) | | 2014.4.6.23
K7 AntiVirus | Trojan | 13.175.10794
Malwarebytes | PUP.Optional.CrossRider | v2014.04.06.11
McAfee | Artemis!1EFC1A91DC2A | 5600.7168
MicroWorld eScan | Adware.Generic.590021 | 15.0.0.288
NANO AntiVirus | Trojan.Win32.Crossrider.cqnfcr | 0.28.0.57029
Panda Antivirus | Suspicious file | 14.04.06.11
Reason Heuristics | PUP.Crossrider.ReddoormediagroupcoLtd.V | 14.5.9.10
Sophos | Generic PUA FI | 4.96
Trend Micro House Call | TROJ_GEN.R0C1H05JL13 | 7.2.96
VIPRE Antivirus | Crossrider | 25262

File size:
308.4 KB (315,800 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\pingle savebar\pingle savebar-helper.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/12/2013 8:00:00 AM

Valid to:
6/13/2014 7:59:59 AM

Subject:
CN="Reddoor media group co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Reddoor media group co.,Ltd", L=Taipei, S=Taipei, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07044F2CDD35722B453856E51ABEFE92

File PE Metadata
Compilation timestamp:
6/10/2013 6:08:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:e9Y+7foVZwNFuZg0Z4iGKSeGepoL2gqTB65nRzD:P+7fuZwve7CFEpoL2gqT455

Entry address:
0x25E38

Entry point:
E8, 71, 9A, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1...
 

Entropy:
6.5499

Code size:
233.5 KB (239,104 bytes)
