thiylgrujqqpoj.exe

Sense

Sense+

The application thiylgrujqqpoj.exe has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Sense+

Product:
Sense

Description:
Sense Installer

Version:
1.36.01.22

MD5:
faa7632100d0700432b7a487c7355abf

SHA-1:
14bf517900d7123e46f3bd68c0270d56f00a0c49

SHA-256:
dd4ef379228289a7320f7ea48c1ff8cc49be8bb96f72c457b166afaf49114af8

Scanner detections:
23 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework, which may modify the user's web browser settings, including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/19/2024 4:30:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.JS.Agent.AM | 5775175 |
| Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.06.14 |
| Avira AntiVirus | ADWARE/CrossRider.10144806 | 8.3.1.6 |
| AVG | Crossrider | 2016.0.3079 |
| Dr.Web | infected with Trojan.Crossrider.46916 | 9.0.1.05190 |
| ESET NOD32 | Win32/Toolbar.CrossRider.CM potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/CrossRider | 6/13/2015 |
| G Data | Script.Application.Plush | 15.6.25 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Sense.A | v2015.06.13.05 |
| McAfee | Trojan.Artemis!60B9E45973B5 | 17.6.569.0 |
| MicroWorld eScan | Gen:Application.Parj.1 | 16.0.0.492 |
| Panda Antivirus | Trj/CI.A | 15.06.13.05 |
| Qihoo 360 Security | HEUR/QVM30.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | JS.Adware.CrossRider.A | 6.15.14.00 |
| Reason Heuristics | PUP.Downloader.Installer | 15.6.13.13 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15611 |
| Trend Micro House Call | Suspici.34A7C78E | 7.2.164 |
| Trend Micro | ADW_CROSSRIDER | 10.465.13 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Threat.4150696 | 40828 |
| Zillya! Antivirus | Trojan.BlackGen.Win32.11 | 2.0.0.2221 |

File size:
9.7 MB (10,144,806 bytes)

Copyright:
Copyright Sense+

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\thiylgrujqqpoj.exe

File PE Metadata
Compilation timestamp:
12/4/2012 1:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:2bt2sl/to6Q6tXKClztzq9EMXWohqKFHri87Fe3MG21uPNAl/y3nlsAkENLJyDp:Qbboozo9/mohqmiOuVWRyuAkJN

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Code size:
34.5 KB (35,328 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.18.244:80)

TCP (HTTP):
Connects to ec2-54-243-98-31.compute-1.amazonaws.com  (54.243.98.31:80)
