sfyc shopping reminder-firefoxinstaller.exe

SFYC Shopping Reminder

Shop for your Cause LLC

The application sfyc shopping reminder-firefoxinstaller.exe, “SFYC Shopping Reminder exe” by Shop for your Cause, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It also manages the Firefox SQLite connectivity. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.
Publisher:
SFYC  (signed by Shop for your Cause LLC)

Product:
SFYC Shopping Reminder

Description:
SFYC Shopping Reminder exe

Version:
1000.1000.1000.1000

MD5:
9121e45e9b6cded40527b86079769618

SHA-1:
a2bf49f898536054ce263046bcfcb2a3cb2593a1

SHA-256:
634fa9770d67be4b1f9c92bbb81084ea0a431ef2de03d077a526a0fd0704be24

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Shop for your Cause LLC.

Analysis date:
4/26/2024 7:38:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider (M)

Engine version:
16.8.2.18

File size:
913.5 KB (935,400 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
SFYC Shopping Reminder.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\sfyc shopping reminder\sfyc shopping reminder-firefoxinstaller.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/20/2014 8:00:00 PM

Valid to:
7/20/2016 7:59:59 PM

Subject:
CN=Shop for your Cause LLC, O=Shop for your Cause LLC, STREET=118b N Bedford Street, L=Arlington, S=VA, PostalCode=22201, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
10A880E170F4560A24F46B2FF824DCB4

File PE Metadata
Compilation timestamp:
7/29/2014 7:03:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:t7YD6aQLEjiSFwCXB/rUg0EfXxw54HRof3W9T0B3h8ybv6t/ffShjGBWyf4yIdwN:t7YP1hFb0EfXxw5C41JGBAy0TXm

Entry address:
0x99DC0

Entry point:
E8, E5, E5, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE...
 

Entropy:
6.5532

Code size:
742 KB (759,808 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/009575/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
