uhzuoedpq.exe

SensePlus

Sense+

The application uhzuoedpq.exe, “SensePlus Installer”, has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Sense+

Product:
SensePlus

Description:
SensePlus Installer

Version:
1.36.01.22

MD5:
e439d38bcb661c24e3b8373966919fd4

SHA-1:
dae65971c544c3d82fcb2b5e5e3907ebcbfb9826

SHA-256:
5475bcd5f24c876173496f33354a38986ad121c7d4a369289cd37444de544f7c

Scanner detections:
26 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
5/21/2024 5:04:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Parj.1 | 600 |
| Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.06.09 |
| Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.1.6 |
| avast! | NSIS:Crossrider-ES [PUP] | 2014.9-150615 |
| AVG | Crossrider | 2016.0.3078 |
| Dr.Web | Trojan.Crossrider.46916 | 9.0.1.0166 |
| ESET NOD32 | Win32/Toolbar.CrossRider.CM potentially unwanted (variant) | 9.11755 |
| Fortinet FortiGate | Riskware/CrossRider | 6/15/2015 |
| G Data | Script.Application.Plush | 15.6.25 |
| K7 AntiVirus | Adware | 13.204.16176 |
| Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.1883 |
| Malwarebytes | PUP.Optional.Sense.A | v2015.06.15.07 |
| McAfee | Artemis!F02C5744DAE0 | 5600.6734 |
| MicroWorld eScan | Gen:Application.Parj.1 | 16.0.0.498 |
| Panda Antivirus | Trj/CI.A | 15.06.15.07 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Quick Heal | JS.Adware.CrossRider.A | 6.15.14.00 |
| Reason Heuristics | PUP.Downloader.Installer | 15.6.15.3 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15613 |
| Sophos | Generic PUA GP | 4.98 |
| Trend Micro House Call | Suspici.B3D8636C | 7.2.166 |
| Trend Micro | ADW_CROSSRIDER | 10.465.15 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Adware.Agent | 40956 |
| Zillya! Antivirus | Trojan.BlackGen.Win32.11 | 2.0.0.2214 |

File size:
9.7 MB (10,203,301 bytes)

Copyright:
Copyright Sense+

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\uhzuoedpq.exe

File PE Metadata
Compilation timestamp:
12/4/2012 2:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:Qxks/fM+rlThDr8tqaFdK1ixM9jKZIuh3sq1bJLeCZCEYmIULZk:QxX7xlRaQixBZIWTd+m/LZk

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Code size:
34.5 KB (35,328 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.80.154:80)

TCP (HTTP):
Connects to ec2-54-243-114-196.compute-1.amazonaws.com  (54.243.114.196:80)
