youshopping-chromeinstaller.exe

YouShopping

Ventury Media

The application youshopping-chromeinstaller.exe by Ventury Media has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. The file utilizes the Crossrider browser extension platform. ChromeInstaller is the component designed to install and manage the extension's Google Chrome integration.
Publisher:
Ventury Media  (signed and verified)

Product:
YouShopping

Description:
YouShopping exe

Version:
1000.1000.1000.1000

MD5:
03f10240e6156a4edbbceff0528299a3

SHA-1:
cd1774df799b53cdfe22100f856bcc3584facb2a

SHA-256:
47b3d1badcaa78646f0f28a5fb7cceab755c02fe3ff21e99440638b8fbe580d7

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Google Chrome.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Ventury Media.

Analysis date:
5/8/2024 11:34:20 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider (M)

Engine version:
17.1.21.18

File size:
812.9 KB (832,384 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
YouShopping.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\youshopping\youshopping-chromeinstaller.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
10/14/2013 2:00:00 AM

Valid to:
10/15/2014 1:59:59 AM

Subject:
CN=Ventury Media, O=Ventury Media, L=bergerac, S=dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
227C91379426395851CF4538358DA932

File PE Metadata
Compilation timestamp:
12/16/2013 10:51:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x85ECB

Code size:
661.5 KB (677,376 bytes)

Scheduled Task
Task name:
YouShopping-chromeinstaller

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/005587/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
