sm8ms-codedownloader.exe

Sm8mS

Sailor Project

This potentially unwanted browser extension is built on, and distributed through, the free Crossrider platform and delivers advertisements to the web browser in several formats (banner, text hyperlinks, inline text and transitional ads). The executable sm8ms-codedownloader.exe, published by Sailor Project, is flagged as adware by 40 of the 68 anti-malware scanners it was run against (the 40 positive verdicts are listed below). It is registered as a Windows Task Scheduler task that runs at every user logon. Built with the Crossrider browser toolkit, the CodeDownloader component automatically connects to the remote Crossrider API server and downloads additional code and components for the smart-saverplus extension/toolbar; it makes repeated requests to the host app-static.crossrider.com/plugins/.../monetization/monetizationLoader.js. It belongs to the Brightcircle group of web extensions that inject advertisements into the browser.

One caveat for anyone triaging this sample: only about half of the verdicts below are Crossrider/PUP names. Nineteen engines instead report the Sality file infector (also listed under the vendor aliases Kashu, Sector and SaliCode), which strongly suggests that the analysed copy of the adware binary has itself been infected by Sality. Treat a host carrying this exact file as a possible Sality infection, not only as an adware case. Note also that a file modified by an infector will no longer pass Authenticode validation, whatever the certificate fields below show, so verify the signature on the file actually found on disk rather than trusting the signer name.
Publisher:
smart-saverplus  (signed by Sailor Project)

Product:
Sm8mS

Description:
Sm8mS exe

Version:
1000.1000.1000.1000

MD5:
a80882075f80c4ada6e57def1a3a7351

SHA-1:
e00e41eb90a64f425259ce1e2b2a85d13514d6ff

SHA-256:
317a322b5c0aa76e96e64487fc79912899e3504713fcc1dcb969f9feaaa2231f

Scanner detections:
40 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Sailor Project.

Analysis date:
4/19/2024 12:43:56 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.374109 | 925
Agnitum Outpost | Win32.Sality.BL | 7.1.1
AhnLab V3 Security | Win32/Kashu.E | 2014.07.08
Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.163.240
avast! | Win32:SaliCode | 2014.9-140726
AVG | Generic | 2015.0.3401
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14726
Bitdefender | Gen:Variant.Adware.Kazy.374109 | 1.0.20.1030
Bkav FE | W32.Sality.PE | 1.3.0.4959
Comodo Security | Virus.Win32.Sality.Gen | 18799
Dr.Web | Win32.Sector.22 | 9.0.1.0207
Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.374109 | 8.14.07.25.11
ESET NOD32 | Win32/Toolbar.CrossRider.AG potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/Toolbar_CrossRider | 7/26/2014
F-Prot | W32/Sality.gen2 | v6.4.6.5.141
F-Secure | Gen:Variant.Adware.Kazy.374109 | 11.2014-25-07_6
G Data | Gen:Variant.Adware.Kazy.374109 | 14.7.24
IKARUS anti.virus | not-a-virus:WebToolbar.CrossRider | t3scan.1.6.1.0
K7 AntiVirus | Virus | 13.180.12643
Kaspersky | Virus.Win32.Sality | 14.0.0.3502
Malwarebytes | PUP.Optional.SmartSaver.A | v2014.07.25.11
McAfee | W32/Sality.gen.z | 5600.7057
Microsoft Security Essentials | Threat.Undefined | 1.177.1852.0
MicroWorld eScan | Gen:Variant.Adware.Kazy.374109 | 15.0.0.618
NANO AntiVirus | Virus.Win32.Sality.beygb | 0.28.0.60577
Norman | Sality.ZHB | 11.20140726
nProtect | Virus/W32.Sality.D | 14.07.07.01
Panda Antivirus | Trj/Genetic.gen | 14.07.25.11
Qihoo 360 Security | Win32/Virus.Adware.967 | 1.0.0.1015
Quick Heal | W32.Sality.U | 7.14.14.00
Reason Heuristics | PUP.Crossrider.Task.U | 14.7.27.12
Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.14724
Sophos | AppRider | 4.98
Total Defense | Win32/Sality.AA | 37.0.11044
Trend Micro House Call | PE_SALITY.RL | 7.2.207
Trend Micro | PE_SALITY.RL | 10.465.26
Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.3
VIPRE Antivirus | Threat.4789396 | 31208
ViRobot | Win32.Sality.N | 2011.4.7.4223
Zillya! Antivirus | Virus.Sality.Win32.20 | 2.0.0.1849

File size:
547.4 KB (560,488 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Sm8mS.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\sm8ms\sm8ms-codedownloader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 2:00:00 AM

Valid to:
7/19/2015 1:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/24/2014 12:04:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:vIEr7LoQtBH4u1avmpEStvpGfYaKjva8ZXXKEUpTEX:vtLoQtBH4u1auvtvUf7YQhTi

Entry address:
0x47F23

Entry point:
E8, B6, DD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75, F4...

Code size:
430.5 KB (440,832 bytes)

Scheduled Task
Task name:
deebc563-64b0-4e80-ba7c-6ba4d6923cd6-1

Trigger:
Logon (Runs on logon)

Action:
sm8ms-codedownloader.exe \soryhv \mqdob=task \rhqlrk='sm8ms' \ikorvolo=4892
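The following PowerShell script is an added example written for this page; it is not code from the original listing, from Sailor Project or from Crossrider. It hunts a Windows host for the logon task described above, checks the executable the task points at against the SHA-256 and SHA-1 values given on this page, and validates its Authenticode signature, which an infector-modified copy would fail. It assumes an elevated PowerShell session with the ScheduledTasks module (Windows 8 / Server 2012 or later); matching on the `mqdob=task` switch from the task action above is an assumption that the switch name is stable across builds, so the executable name is the primary indicator.

```powershell
# Added example: hunt for the sm8ms CodeDownloader logon task, verify the
# binary against the hashes on this page, optionally remove the task.
# Assumptions: run as Administrator; ScheduledTasks module available;
# the switch name 'mqdob=task' is taken from this page and may vary per build.
param([switch]$Remove)

# Indicators copied from the page.
$KnownSha256 = '317a322b5c0aa76e96e64487fc79912899e3504713fcc1dcb969f9feaaa2231f'
$KnownSha1   = 'e00e41eb90a64f425259ce1e2b2a85d13514d6ff'
$ExeName     = 'sm8ms-codedownloader.exe'
$ArgMarker   = 'mqdob=task'          # assumption: build-specific switch name
$SignerCN    = 'CN=Sailor Project'

# Any task whose action runs the executable or carries the argument marker.
$hits = Get-ScheduledTask | Where-Object {
    $_.Actions | Where-Object {
        ($_.Execute   -and $_.Execute   -match [regex]::Escape($ExeName)) -or
        ($_.Arguments -and $_.Arguments -match [regex]::Escape($ArgMarker))
    }
}

if (-not $hits) { Write-Host "No matching scheduled task found."; return }

foreach ($task in $hits) {
    # MSFT_TaskLogonTrigger is the logon trigger the page describes.
    $trigger = ($task.Triggers | ForEach-Object { $_.CimClass.CimClassName -replace '^MSFT_Task', '' }) -join ','
    Write-Host ("Task {0}{1}  trigger={2}" -f $task.TaskPath, $task.TaskName, $trigger)

    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }
        # The action may hold a bare file name resolved via WorkingDirectory.
        $exe = $action.Execute.Trim('"')
        if (-not [IO.Path]::IsPathRooted($exe) -and $action.WorkingDirectory) {
            $exe = Join-Path $action.WorkingDirectory $exe
        }
        Write-Host ("  action: {0} {1}" -f $exe, $action.Arguments)
        if (-not (Test-Path -LiteralPath $exe)) { Write-Host "  file missing on disk"; continue }

        # Compare the on-disk file with the sample analysed on this page.
        $sha256 = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
        $sha1   = (Get-FileHash -LiteralPath $exe -Algorithm SHA1).Hash.ToLower()
        Write-Host ("  sha256={0} matches-page={1}" -f $sha256, ($sha256 -eq $KnownSha256))
        Write-Host ("  sha1  ={0} matches-page={1}" -f $sha1,   ($sha1   -eq $KnownSha1))

        # Authenticode: a copy modified by a file infector fails validation even
        # though the Sailor Project certificate may still be attached to it.
        $sig     = Get-AuthenticodeSignature -LiteralPath $exe
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        Write-Host ("  signature={0} signer={1} expected-signer={2}" -f $sig.Status, $subject, ($subject -like "$SignerCN*"))
    }

    if ($Remove) {
        Unregister-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -Confirm:$false
        Write-Host "  task removed"
    }
}
```

Run it without arguments first to get a report; `-Remove` only unregisters the task, and the binary under C:\Program Files\sm8ms should be quarantined separately. A hash that matches the page but a signature status other than Valid is the combination the caveat above warns about and should trigger a full malware scan of the host rather than adware cleanup alone.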


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)
Requested URL: http://update.srvstatsdata.com/installer_updates/001749/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
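To turn the network observations above into a detection, the following PowerShell script is an added example (not from the original page) that matches the three hosts, their IP addresses and the two URL paths against proxy log lines. The log lines and their five-field layout (timestamp, client, destination host, destination IP, URL) are constructed for illustration and are not a real product format; the plugin path segment in the crossrider.com URL is a placeholder because the page elides it. As a generalization beyond the two listed hosts, the script also matches any other subdomain of srvstatsdata.com, which is an editorial assumption; crossrider.com is deliberately not generalized, since that platform domain is shared by many extensions.

```powershell
# Added example: match the page's network indicators against proxy log lines.
# The sample log below is constructed; the column layout is an assumption.

# Indicators copied from the page.
$IocHosts = @('update.srvstatsdata.com', 'stats.srvstatsdata.com', 'app-static.crossrider.com')
$IocIps   = @('69.16.175.42', '176.32.99.41', '69.16.175.10')
$IocPaths = @('/installer_updates/', '/monetization/monetizationLoader.js')

# Exact hosts, plus any subdomain of srvstatsdata.com (editorial generalization).
$hostRegex = '^(' + (($IocHosts | ForEach-Object { [regex]::Escape($_) }) -join '|') +
             '|([a-z0-9-]+\.)+srvstatsdata\.com)$'

# Constructed sample log: time client dest-host dest-ip url (whitespace separated).
$SampleLog = @'
2024-04-19T00:40:01Z 10.0.0.12 update.srvstatsdata.com 69.16.175.42 http://update.srvstatsdata.com/installer_updates/001749/update.json
2024-04-19T00:40:02Z 10.0.0.12 www.example.org 93.184.216.34 http://www.example.org/
2024-04-19T00:40:05Z 10.0.0.33 stats.srvstatsdata.com 176.32.99.41 http://stats.srvstatsdata.com/
2024-04-19T00:41:10Z 10.0.0.12 app-static.crossrider.com 69.16.175.10 http://app-static.crossrider.com/plugins/PLUGINID/monetization/monetizationLoader.js
2024-04-19T00:42:00Z 10.0.0.40 cdn.example.net 176.32.99.41 http://cdn.example.net/lib.js
'@

$hits = foreach ($line in ($SampleLog -split "`r?`n")) {
    if ([string]::IsNullOrWhiteSpace($line)) { continue }
    $f = $line -split '\s+'
    $reasons = @()
    if ($f[2] -match $hostRegex)  { $reasons += "host=$($f[2])" }
    if ($IocIps -contains $f[3])  { $reasons += "ip=$($f[3])" }    # catches host-less or renamed requests
    foreach ($p in $IocPaths) { if ($f[4].Contains($p)) { $reasons += "path=$p" } }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ Time = $f[0]; Client = $f[1]; Host = $f[2]; Ip = $f[3]; Reason = ($reasons -join ';') }
    }
}

$hits | Format-Table -AutoSize
# One line per client, so each affected machine can be handled as a host incident.
$hits | Group-Object Client | ForEach-Object { '{0}: {1} indicator hit(s)' -f $_.Name, $_.Count }
```

In the constructed sample the last line hits on IP only: the destination host is not in the list but the address 176.32.99.41 is, which is why the IP check is kept alongside the hostname check. Replace `$SampleLog` with `Get-Content` over a real export once the column order is adjusted to the log source in use.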
