ss21.exe

Selecao Technologies (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application ss21.exe by Selecao Technologies (Bright Circle Investments) has been detected as adware by 25 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit; while the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:

MD5:
4c00cf10fc0b4261992f70bdb713d6cd

SHA-1:
8e74272b3f15dda514177750801a6e5e1683363c

SHA-256:
3bd9f4f4d49dc2ab7d68b74502c584179fa407cb2cad371a2ee36241e75318c5

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/25/2024 2:45:47 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.173350 | 731 |
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.01.25 |
| Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.204.248 |
| AVG | Win32/DH{gRIgIiUBNgA1Tg} | 2016.0.3219 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.15124 |
| Bitdefender | Gen:Variant.Adware.Graftor.173350 | 1.0.20.175 |
| Comodo Security | Application.Win32.CrossRider.KI | 20937 |
| Dr.Web | Trojan.Crossrider1.12276 | 9.0.1.035 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.173350 | 8.15.02.04.12 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BS potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/Downloader-Web-based!Maximu | 4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Graftor.173350 | 11.2015-04-02_4 |
| G Data | Gen:Variant.Adware.Graftor.173350 | 15.2.25 |
| IKARUS anti.virus | PUA.CrossRider | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.193.14835 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 15.0.0.543 |
| Malwarebytes | | v2015.01.24.09 |
| McAfee | Trojan.Artemis!4C00CF10FC0B | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.173350 | 16.0.0.105 |
| NANO AntiVirus | Trojan.Win32.Crossrider1.dngaut | 0.30.0.65070 |
| Panda Antivirus | Trj/Genetic.gen | 15.01.24.09 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Brightcircle | 15.1.26.11 |
| VIPRE Antivirus | Threat.4789396 | 36694 |
| Zillya! Antivirus | Adware.CrossRider.Win32.2288 | 2.0.0.2051 |

File size:
151 KB (154,600 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ss21.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/15/2014 4:00:00 PM

Valid to:
12/16/2015 3:59:59 PM

Subject:
CN=Selecao Technologies (Bright Circle Investments Ltd), O=Selecao Technologies (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3F2791037D410A199539AA4A99F7DEB3

File PE Metadata
Compilation timestamp:
1/23/2015 3:07:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:U1PikPfo0ie2FHOXv4++nUSjcvs1C8/ehoraNUXpvZyPbPumx:UMkY0iel/hUQvs1C8/ehoraNUX/yD

Entry address:
0x8CC5

Entry point:
E8, B5, 6A, 00, 00, E9, 7F, FE, FF, FF, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 30, 56, 32, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 41, 32, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 30, 56, 32, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00...
 

Entropy:
6.4696

Code size:
104 KB (106,496 bytes)
