home

SensePlus.exe

SensePlus

Armageddon Labs (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The file SensePlus.exe by Armageddon Labs (BrightCircle Investments Limited) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program SensePlus by BrightCircle Investments Limited which is a potentially unwanted software program. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Object Browser  (signed by Armageddon Labs (BrightCircle Investments Limited))

Product:
SensePlus

Description:
SensePlus exe

Version:
1000.1000.1000.1000

MD5:
1e611a804819eea5c3300937cbc7ed8c

SHA-1:
4e600c93517da2e10e6f3b14b0cb995cb8ce5322

SHA-256:
2741ec6e7b60425d8878f03961a457ed7d235c1e27edabbc364c61db9b7a6bce

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/26/2024 4:53:28 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.BrightCircle.ObjectBrowser (M)
16.2.25.18

File size:
1.1 MB (1,148,896 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
SensePlus.exe

Common path:
C:\users\{user}\appdata\local\virtualstore\Program Files\senseplus\3ec7dc45-44e1-4547-807b-7a2bffdecad8-7.exe.tmp

Digital Signature
Signed by:
Armageddon Labs (BrightCircle Investments Limited)

Authority:
COMODO CA Limited

Valid from:
12/1/2014 9:00:00 AM

Valid to:
12/2/2015 8:59:59 AM

Subject:
CN=Armageddon Labs (BrightCircle Investments Limited), O=Armageddon Labs (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C5692390E715129E144F950D09DA6E8A

File PE Metadata
Compilation timestamp:
12/20/2014 8:16:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:FFTFKlbA2ORxe4eL7HuLQfjzVFJo2upSYpNVTlqf:FLKlbDOX8L6LQQ2upSYbVT2

Entry address:
0xA3622

Entry point:
E8, CD, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03, 00...
 
[+]

Entropy:
6.5716

Code size:
830.5 KB (850,432 bytes)

The file SensePlus.exe has been discovered within the following program.

SensePlus  by BrightCircle Investments Limited
Publisher's description - “SensePlus is an online shopping tool that combines cash back, discounts and online coupons. Our browser app uses tools to look at your browsing activity to make sure we notify you with coupons and offers that are relevant to you.”
82% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.64.98:80)

Remove SensePlus.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.