suprasavingsservice64.exe

The application suprasavingsservice64.exe has been detected as a potentially unwanted program by 29 anti-malware scanners. It runs in its own process as a Windows service named “SupraSavingsService64”.
MD5:
1a6636d0e7e38ceb2b6b2e00ac17a4af

SHA-1:
ed3ae0c892b53c95bd9bde74aee8396d41b3af87

SHA-256:
6649e824e6c0cd3fac84bb395a340170807068a290e6f2a1ce84cb803fd684c9

Scanner detections:
29 / 68

Status:
Potentially unwanted

Explanation:
Injects advertisements into the web browser in the form of banner ads and popups.

Analysis date:
4/19/2024 2:52:18 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.SwiftBrowse.AT | 856 |
| Agnitum Outpost | Trojan.BPlug | 7.1.1 |
| avast! | Win64:Adware-C [Adw] | 2014.9-140626 |
| AVG | Generic_r | 2015.0.3334 |
| Baidu Antivirus | Adware.Win32.ADSave | 4.0.3.14102 |
| Bitdefender | Adware.SwiftBrowse.AT | 1.0.20.1375 |
| Comodo Security | ApplicUnwnt | 19513 |
| Dr.Web | Trojan.BPlug.114 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.AT | 8.14.10.02.08 |
| ESET NOD32 | Win64/Adware.Adpeak (variant) | 8.10416 |
| F-Secure | Adware.SwiftBrowse.AT | 11.2014-02-10_5 |
| G Data | Adware.SwiftBrowse.AT | 14.10.24 |
| IKARUS anti.virus | AdWare.SwiftBrowse | t3scan.1.7.8.0 |
| K7 AntiVirus | Adware | 13.183.13535 |
| Kaspersky | not-a-virus:AdWare.Win64.AdPeak | 14.0.0.3135 |
| McAfee | RDN/Generic PUP.x!clf | 5600.6990 |
| MicroWorld eScan | Adware.SwiftBrowse.AT | 15.0.0.825 |
| NANO AntiVirus | Trojan.Win64.Generic.deincy | 0.28.2.61942 |
| nProtect | Adware.SwiftBrowse.AT | 14.09.14.01 |
| Panda Antivirus | Trj/Chgt.D | 14.10.02.08 |
| Quick Heal | AdWare.Win64.r6 (Not a Virus) | 10.14.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.10.8.0 |
| Rising Antivirus | PE:Trojan.Win32.Generic.17254D52!388320594 | 23.00.65.141006 |
| Sophos | AdPeak | 4.98 |
| Trend Micro House Call | ADW_SWIFTBROWSE | 7.2.275 |
| Trend Micro | ADW_SWIFTBROWSE | 10.465.02 |
| Vba32 AntiVirus | AdWare.Win64.AdPeak | 3.12.26.3 |
| VIPRE Antivirus | Adpeak | 33118 |
| Zillya! Antivirus | Adware.Adpeak.Win64.9 | 2.0.0.1922 |

File size:
168.5 KB (172,544 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\cb78f643-3729-434f-8c25-f28d15f025f3\suprasavingsservice64.exe

File PE Metadata
Compilation timestamp:
6/25/2014 5:43:34 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:ukhqwLwu6q1tQn/LMeI4jbT9VpSOlg9BfRnnNv:uPwLwG1tQn/LRzPT9VpSOlEvN

Entry address:
0xE23C

Entry point:
48, 83, EC, 28, E8, 4F, 6F, 00, 00, 48, 83, C4, 28, E9, 76, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 7C, 24, 18, 55, 48, 8B, EC, 48, 83, EC, 60, 48, 8B, FA, 48, 8B, D9, 48, 8D, 4D, C0, 48, 8D, 15, 6D, F6, 00, 00, 41, B8, 40, 00, 00, 00, E8, 52, ED, FF, FF, 48, 8D, 55, 10, 48, 8B, CF, 48, 89, 5D, E8, 48, 89, 7D, F0, E8, A0, D5, 00, 00, 4C, 8B, D8, 48, 89, 45, 10, 48, 89, 45, F8, 48, 85, FF, 74, 1B, F6, 07, 08, B9, 00, 40, 99, 01, 74, 05, 89, 4D, E0, EB, 0C, 8B, 45, E0, 4D, 85, DB, 0F, 44, C1, 89, 45...
 

Code size:
110.5 KB (113,152 bytes)

Service
Display name:
SupraSavingsService64

Type:
Win32OwnProcess

