xkldsw.exe

Blondie Project (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application xkldsw.exe (“System NotifierV03.03 exe”) by Blondie Project (Bright Circle Investments) has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task named XKLDSW under the Windows Task Scheduler, triggered each time a user logs in. It is built with the Crossrider cross-browser extension toolkit; although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
System NotifierV03.03  (signed by Blondie Project (Bright Circle Investments Ltd))

Product:
System NotifierV03.03

Description:
System NotifierV03.03 exe

Version:
1000.1000.1000.1000

MD5:
f781185ed428736dfd189d55043a43d2

SHA-1:
dd335e5185ce1f7bbe94a850b4663dd7e6165f5b

SHA-256:
2a087708730183382880ca3970a5df54600c042bbf2b364c65bb8da38e09460b

Scanner detections:
21 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
5/1/2024 6:41:39 PM UTC

Scan engine           | Detection                                                        | Engine version
----------------------|------------------------------------------------------------------|----------------
Lavasoft Ad-Aware     | Gen:Application.Heur.5v1@m0vyjmnO                                | 703
AhnLab V3 Security    | PUP/Win32.CrossRider                                             | 2015.03.06
Avira AntiVirus       | ADWARE/CrossRider.Gen7                                           | 7.11.214.42
avast!                | Win32:Malware-gen                                                | 2014.9-150304
AVG                   | Generic                                                          | 2016.0.3181
Baidu Antivirus       | Adware.Win32.CrossAd                                             | 4.0.3.1534
Bitdefender           | Gen:Application.Heur.5v1@m0vyjmnO                                | 1.0.20.315
Comodo Security       | Application.Win32.Plush.GRI                                      | 21311
Dr.Web                | Trojan.Crossrider1.21680                                         | 9.0.1.0161
Emsisoft Anti-Malware | Gen:Application.Heur.5v1@m0vyjmnO                                | 8.15.06.10.06
ESET NOD32            | Win32/Toolbar.CrossRider.CB potentially unwanted application     | 9.7.0.302.0
F-Secure              | Riskware.Gen:Application.Heur.5v1@m0vyjmnO                       | 11.2015-04-03_4
G Data                | Gen:Application.Heur.5v1@m0vyjmnO                                | 15.3.25
herdProtect (fuzzy)   |                                                                  | 2015.6.10.18
Malwarebytes          | PUP.Optional.SystemNotifier.A                                    | v2015.03.04.05
MicroWorld eScan      | Gen:Application.Heur.5v1@m0vyjmnO                                | 16.0.0.189
Norman                | Gen:Application.Heur.5v1@k0vyjmnO                                | 11.20150610
Panda Antivirus       | Trj/Genetic.gen                                                  | 15.03.04.05
Quick Heal            | PUA.BrightCircle.OD6                                             | 3.15.14.00
Reason Heuristics     | Adware.BrightCircle.Task                                         | 15.3.4.5
VIPRE Antivirus       | Threat.4789396                                                   | 38050

File size:
1.9 MB (1,986,520 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
System NotifierV03.03.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\xkldsw.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 11:00:00 AM

Valid to:
12/17/2015 10:59:59 AM

Subject:
CN=Blondie Project (Bright Circle Investments Ltd), O=Blondie Project (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0903CC287C7EEA81D3C21DBB234D320C

File PE Metadata
Compilation timestamp:
3/3/2015 4:05:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:KJBUXe1wZmcqQnH5uQyw4jzAgpSZpTpZ1V1Dz4:3Xe6mnCZudw4jIq

Entry address:
0xF3E21

Entry point:
E8, 5D, FD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 90, FE, 00, 00, 3B, 30, 7C, 07, E8, 87, FE, 00, 00, 8B, 30, E8, 7A, FE, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 83, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, E0, 84, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 9D, 2E, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, E0, 84, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, F4, EA...

Entropy:
6.8655

Code size:
1.1 MB (1,163,264 bytes)

Scheduled Task
Task name:
XKLDSW

Trigger:
Logon (Runs on logon)
