» sense-buttonutil64.exe
Overview
Analysis
File Details
Programs (1)

sense-buttonutil64.exe

Sense

Armageddon Labs (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application sense-buttonutil64.exe by Armageddon Labs (BrightCircle Investments Limited) has been detected as adware by 7 anti-malware scanners. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Object Browser (signed by Armageddon Labs (BrightCircle Investments Limited))

Product:

Sense

Description:

Sense exe

Version:

1000.1000.1000.1000

MD5:

24d0259ac329a2e34e7f9fd60d4d16c8

SHA-1:

afbc0a4156660611653a0fb49b3d00c21bf5701a

SHA-256:

8b16fe3cb70c7f0927a477dfa744c1d36319781b3ced19f6de238cea8e477ca6

Scanner detections:

7 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will download and install new code and Javascript updates for the extension. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Armageddon Labs (BrightCircle Investments Limited).

Analysis date:

4/23/2024 6:27:46 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.CrossRider

2014.12.22

AVG

Generic

2015.0.3253

ESET NOD32

Win32/Toolbar.CrossRider.BM potentially unwanted application

7.0.302.0

Kaspersky

not-a-virus:WebToolbar.Win32.CrossRider

15.0.0.543

Malwarebytes

PUP.Optional.Sense.A

v2014.12.22.05

Reason Heuristics

PUP.Crossrider.ArmageddonLabsBrightCircleInvestmentsLimited.S

15.1.4.17

VIPRE Antivirus

Threat.4789396

35418

File size:

374 KB (382,944 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Sense.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\sense\sense-buttonutil64.exe

Digital Signature

Signed by:

Armageddon Labs (BrightCircle Investments Limited)

Authority:

COMODO CA Limited

Valid from:

12/1/2014 1:00:00 AM

Valid to:

12/2/2015 12:59:59 AM

Subject:

CN=Armageddon Labs (BrightCircle Investments Limited), O=Armageddon Labs (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C5692390E715129E144F950D09DA6E8A

File PE Metadata

Compilation timestamp:

12/21/2014 12:15:25 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:8vFf20H0YA6XVjxcYdbO+aRZWa4NsT5dTAuF62bq1gxgsNC:6Fude1afRYITNEaC

Entry address:

0x25F6C

Entry point:

48, 83, EC, 28, E8, 5B, A3, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, 8C, 20, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, E7, A2, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 53, A0, FD, FF, 66, 39, 05, 4C, A0, FD, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, 7B, A0, FD, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89... 
[+]

Code size:

238 KB (243,712 bytes)

The file sense-buttonutil64.exe has been discovered within the following program.

Sense by Object Browser

Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.

85% remove it

Remove sense-buttonutil64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.