» sense-nova.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (13)

sense-nova.exe

Sense

Object Browser

The application sense-nova.exe has been detected as adware by 27 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address ip-50-63-202-55.ip.secureserver.net on port 80 using the HTTP protocol.

File name:

sense-nova.exe

Publisher:

Object Browser

Product:

Sense

Description:

Sense exe

Version:

1000.1000.1000.1000

MD5:

36363165cc916548784a712f488313b5

SHA-1:

3aa4d8581911e00c45ff15542970c33440e62492

SHA-256:

edcd322366b73bd58a8083d3c4d2f657b3cb0671e0f43c72358b1e9330d00a00

Scanner detections:

27 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

5/21/2024 8:37:58 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.19680

928

Agnitum Outpost

PUA.AdLoad

7.1.1

AhnLab V3 Security

PUP/Win32.Toolbar

2014.07.09

Avira AntiVirus

Adware/CrossRider.A.4953

7.11.152.176

avast!

Win32:Adware-gen [Adw]

2014.9-140721

AVG

Generic_r

2015.0.3406

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.14721

Bitdefender

Gen:Variant.Kazy.19680

1.0.20.1010

Bkav FE

W32.CrossRiderD.Adware

1.3.0.4959

Emsisoft Anti-Malware

Gen:Variant.Kazy.19680

8.14.07.21.05

ESET NOD32

Win32/Toolbar.CrossRider.AE (variant)

8.10067

Fortinet FortiGate

Riskware/Toolbar_CrossRider

7/21/2014

F-Prot

W32/A-7d811582

v6.4.7.1.166

F-Secure

Gen:Variant.Kazy.19680

11.2014-21-07_2

G Data

Win32.Application.Plush

14.7.24

IKARUS anti.virus

PUA.OptionalInst.Goobzo

t3scan.1.6.1.0

K7 AntiVirus

Unwanted-Program

13.178.12278

Malwarebytes

PUP.Optional.Sense.A

v2014.07.09.07

McAfee

Artemis!768454CDA6CA

5600.7062

MicroWorld eScan

Gen:Variant.Kazy.19680

15.0.0.606

NANO AntiVirus

Riskware.Win32.AdLoad.dbihow

0.28.0.60253

Panda Antivirus

Trj/Genetic.gen

14.07.21.05

Qihoo 360 Security

Win32/Trojan.Adware.37e

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

14.7.21.17

Sophos

AppRider

4.98

Trend Micro House Call

Suspicious_GEN.F47V0704

7.2.202

VIPRE Antivirus

Crossrider

31110

File size:

586 KB (600,064 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Sense.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\sense\sense-nova.exe

File PE Metadata

Compilation timestamp:

7/8/2014 3:12:12 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:pSW6tD1gG74GMx3DIZ/vIHXsWyAvpTIBSMal9:8W6tDRi8qsP4TO2l9

Entry address:

0x459DC

Entry point:

E8, 5A, DF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, A1, 47, 00, E8, DE, 4E, 00, 00, E8, 9A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, ED, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 13, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.3102

Code size:

416 KB (425,984 bytes)

Scheduled Task

Task name:

66f8173a-0e00-462e-91c9-747f0d978aad-7

Trigger:

Logon (Runs on logon)

Action:

sense-nova.exe \qeyfuexq='sense' \qbksxqapk=48292 \tgxqyh='000803

The file sense-nova.exe has been discovered within the following program.

Sense by Object Browser

Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.

85% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (54.231.98.114:80)

TCP (HTTP):

Connects to linux17.sadecehosting.com (188.132.129.17:80)

TCP (HTTP):

Connects to reverse-77-79-81-241.pusula.net.tr (77.79.81.241:80)

TCP (HTTP):

Connects to 74-208-236-250.elastic-ssl.ui-r.com (74.208.236.250:80)

TCP (HTTP):

Connects to server-178.211.62.129.as42926.net (178.211.62.129:80)

TCP (HTTP):

Connects to ip-50-63-202-55.ip.secureserver.net (50.63.202.55:80)

Remove sense-nova.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.