sense.exe

Porter Studio Plus

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application sense.exe by Porter Studio Plus has been detected as adware by 9 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory and is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Qcrwthoomdg & co.  (signed by Porter Studio Plus)

Description:
Dvqfugxtbhbczs

Version:
18.1.11.13

MD5:
58a598ccb174aadda6b2ba635043f43a

SHA-1:
f4279f7ccc6026b7a73fd29e316e6a2ca05a78a8

SHA-256:
d7de8d9abcf9eab699eaa0027b5cb69b3fa5e2bbc57b5272d7b0d6c3d5a30066

Scanner detections:
9 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/16/2024 9:50:50 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2015.0.3305 |
| Clam AntiVirus | Win.Trojan.Crossrider-36 | 0.98/21411 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM (variant) | 8.10648 |
| IKARUS anti.virus | PUA.ScrambleWrapper | t3scan.1.8.3.0 |
| Kaspersky | not-a-virus:HEUR:AdWare.NSIS.Adwapper | 14.0.0.3018 |
| Malwarebytes | | v2014.10.31.08 |
| NANO AntiVirus | Riskware.Nsis.Adwrapper.dgzfbk | 0.28.6.62995 |
| Reason Heuristics | PUP.PorterStudioPlus.F | 14.11.3.21 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3 |

File size:
11.5 MB (12,049,400 bytes)

Copyright:
Copyright Qracupsayqdfg

Trademarks:
Mipsmyrjclmi is a trademark of Gnujydidd

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\sense.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/20/2014 3:00:00 AM

Valid to:
10/21/2015 2:59:59 AM

Subject:
CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B7BA41CFBA8D50AF9A2A64362C08FA91

File PE Metadata
Compilation timestamp:
12/4/2012 3:55:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:lkBtK0+3X52GiA8JizPfaL/YFmavm5XJ9YFLbcCS44MypSONCLFxjt7EMiubl5nJ:mX9+nIGiA4kY/YUavmlJ9S444MYSfJxv

Entry address:
0x412D

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 73, 45, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 74, 45, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 74, 45, 00, 56, A3, F4, E7, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, E8, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 74, 45, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 

Code size:
33.5 KB (34,304 bytes)
