Savings Sidekick.exe

Savings Sidekick

Friendly Apps

This file is part of a distribution package that is classified as adware and distributed by 50onRed. The adware interacts with the installed web browsers to inject ads and to modify the default search and home pages. The application Savings Sidekick.exe (“Savings Sidekick exe”) by Friendly Apps has been detected as adware by 18 anti-malware scanners. The file is typically installed with the program Savings Sidekick by 215 Apps, which is a potentially unwanted software program. This web browser add-on displays additional advertisements in the user's browser, including pop-ups, banners, contextual hyperlinks and affiliate links.
Publisher:
215 Apps  (signed by Friendly Apps)

Product:
Savings Sidekick

Description:
Savings Sidekick exe

Version:
1.1.149.14

MD5:
be9bf3aa1e7ddbbdbca50d44e89b29b8

SHA-1:
531f9951b8a388f6ab397095d724265c76333a3c

SHA-256:
f35df9c784f674bd6443e70353b5f5ed519bbd83f3d93721cad078701387ba99

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
5/18/2024 6:52:06 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.478744 | 1072 |
| Bitdefender | Adware.Generic.478744 | 1.0.20.290 |
| Boost by Reason | Optional.FriendlyApps.Q | 188838 |
| Comodo Security | ApplicUnwnt | 17844 |
| Dr.Web | Adware.Plugin.24 | 9.0.1.058 |
| Emsisoft Anti-Malware | Adware.Generic.478744 | 8.14.02.27.10 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.9466 |
| F-Secure | Adware.Generic.478744 | 11.2014-27-02_5 |
| G Data | Adware.Generic.478744 | 14.2.24 |
| K7 AntiVirus | Unwanted-Program | 13.176.11256 |
| Malwarebytes | PUP.CrossRider.SSK | v2014.02.27.10 |
| McAfee | Artemis!B57DFC9CDC28 | 5600.7010 |
| MicroWorld eScan | Adware.Generic.478744 | 15.0.0.174 |
| Quick Heal | Adware.Crossid (Not a Virus) | 9.14.12.00 |
| Reason Heuristics | PUP.FriendlyApps.Q | 14.8.7.17 |
| Sophos | AppRider | 4.97 |
| Trend Micro House Call | TROJ_GEN.R0CBH05L413 | 7.2.254 |
| VIPRE Antivirus | GamePlayLabs | 26824 |

File size:
431.4 KB (441,736 bytes)

Product version:
1.1.149.14

Copyright:
Copyright 2011

Original file name:
Savings Sidekick.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\savings sidekick\savings sidekick.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
5/1/2012 3:00:00 AM

Valid to:
5/2/2013 2:59:59 AM

Subject:
CN=Friendly Apps, O=Friendly Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
56D17D2D52C2BC3A2CECDA129CA33619

File PE Metadata
Compilation timestamp:
6/5/2012 12:16:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:KI4T2INIZUzY22w3RNKyK9wMV4I4/MdfH8FUllbo63uql1Ndq:KfQ8FD6rl1y

Entry address:
0x42283

Entry point:
E8, BA, 90, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 74, D0, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 40, 96, 46, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 44, A0, 45, 00...
 

Entropy:
6.4486

Code size:
353.5 KB (361,984 bytes)

The file Savings Sidekick.exe has been discovered within the following program.

Savings Sidekick  by 215 Apps
Savings Sidekick from 215 Apps (Amazing Apps) installs a web browser extension (Internet Explorer Browser Helper Object) that views the web pages loaded and looks for affiliated merchants in order to possibly provide better pricing or alternative deals on a given product or merchant.
www.50onred.com
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 67-20-66-236.unifiedlayer.com  (67.20.66.236:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.81.66:80)
