home

vid-savergui.exe

Vid-Saver

Amazing Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application vid-savergui.exe by Amazing Apps has been detected as adware by 27 anti-malware scanners. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.
Publisher:
215 Apps  (signed by Amazing Apps)

Product:
Vid-Saver

Description:
Vid-Saver exe

Version:
1.1.143.20

MD5:
ab658096766366f6347d81df2b78cd72

SHA-1:
19be18b943be0928a98fab0d37960cf2d89eb64f

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/24/2024 7:37:36 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.361901
918

Agnitum Outpost
PUA.Toolbar.CrossRider
7.1.1

Avira AntiVirus
Adware/Agent.2096984.1
7.11.121.92

AVG
SmartShopper.K
2015.0.3396

Baidu Antivirus
Trojan.Win32.Toolbar
4.0.3.14731

Bitdefender
Adware.Generic.361901
1.0.20.1060

Bkav FE
W32.Clod50d.Trojan
1.3.0.4613

Boost by Reason
Optional.AmazingApps.M
188838

Comodo Security
UnclassifiedMalware
17485

Dr.Web
Adware.Plugin.14
9.0.1.0212

Emsisoft Anti-Malware
Adware.Generic.361901
8.14.07.31.04

ESET NOD32
Win32/Toolbar.CrossRider (variant)
8.9190

F-Prot
W32/GamePlay.D.gen
v6.4.7.1.166

F-Secure
Adware.Generic.361901
11.2014-31-07_5

G Data
Adware.Generic.361901
14.7.22

herdProtect (fuzzy)
variant of i want thisgui.exe (Adware)
2014.9.10.19

IKARUS anti.virus
AdWare.Agent
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.174.10588

Malwarebytes
Adware.GamePlayLabs
v2014.07.31.04

MicroWorld eScan
Adware.Generic.361901
15.0.0.636

NANO AntiVirus
Riskware.Win32.Agent.dagoyo
0.28.0.60253

Quick Heal
Adware.Crossid (Not a Virus)
7.14.12.00

Reason Heuristics
PUP.AmazingApps.M
14.8.7.17

Sophos
AppRider
4.96

Trend Micro House Call
TROJ_GEN.R0CBC0EIF13
7.2.212

Trend Micro
TROJ_GEN.R0CBC0EIF13
10.465.31

VIPRE Antivirus
GamePlayLabs
24656

File size:
2 MB (2,096,000 bytes)

Product version:
1.1.143.20

Copyright:
Copyright 2011

Original file name:
Vid-Saver.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\vid-saver\vid-savergui.exe

Digital Signature
Signed by:
Amazing Apps

Authority:
Thawte, Inc.

Valid from:
5/1/2012 2:00:00 AM

Valid to:
5/2/2013 1:59:59 AM

Subject:
CN=Amazing Apps, O=Amazing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2E307885017928B61D4F2CEF5EB10A05

File PE Metadata
Compilation timestamp:
11/23/2011 1:21:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:cC3Hfuya1T9bzNS+P2LkPobilcLqDrWxgx6r8DMG2Fqfk3YZGxnqO:c+fuya1T9vNSLLnbilOqDrWxgx634fkz

Entry address:
0xF6D90

Entry point:
E8, 79, 9F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 20, 6A, 56, 00, 00, 75, 18, E8, F9, 96, 00, 00, 6A, 1E, E8, 43, 95, 00, 00, 68, FF, 00, 00, 00, E8, 71, FB, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 20, 6A, 56, 00, FF, 15, 58, A2, 51, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 24, 6A, 56, 00, 74, 0D, 53, E8, F0, 92, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, D4, 08, 00, 00, 89, 30, E8, CD, 08, 00, 00, 89...
 
[+]

Code size:
1.1 MB (1,150,976 bytes)

Remove vid-savergui.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.