color-my-facebook.exe

Color My Facebook

Duval

The application color-my-facebook.exe, “Color My Facebook Installer”, has been detected as a potentially unwanted program by 21 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from app-static.crossrider.com.
Publisher:
Duval

Product:
Color My Facebook

Description:
Color My Facebook Installer

Version:
1.23.151.151

MD5:
81ef392811ada61bda9453d8211da680

SHA-1:
e2e77e6dda6f1ac5563a4b93dd99d679b7f90319

SHA-256:
e50e80d4e9eb22f32d0ea58a8584305485e1f76b7009e45075199995fa8e94dc

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework, which may modify the user's web browser settings, including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/27/2024 3:46:41 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Agent.NNP | 210
Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.1678
Bitdefender | Adware.Agent.NNP | 1.0.20.950
Bkav FE | HW32.CDB | 1.3.0.4959
Dr.Web | Adware.Plugin.14 | 9.0.1.0190
Emsisoft Anti-Malware | Adware.Agent.NNP | 8.16.07.08.11
ESET NOD32 | Win32/Toolbar.CrossRider | 10.9903
F-Secure | Adware.Agent.NNP | 11.2016-08-07_6
G Data | Adware.Agent.NNP | 16.7.24
IKARUS anti.virus | AdWare.Agent | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.1712319
Malwarebytes | PUP.Optional.ColorMyFacebook.A | v2016.07.08.11
McAfee | Artemis!81EF392811AD | 5600.6344
MicroWorld eScan | Adware.Agent.NNP | 17.0.0.570
NANO AntiVirus | Trojan.Win32.Plugin.crbipj | 0.28.0.60100
nProtect | Adware.Agent.NNP | 14.06.05.01
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.16706
Sophos | Generic PUA OC | 4.98
Trend Micro House Call | HV_AGEN.A6735F4A | 7.2.190
Vba32 AntiVirus | Trojan.Agent | 3.12.26.0
VIPRE Antivirus | Crossrider | 30004

File size:
674.8 KB (691,000 bytes)

Copyright:
Copyright Duval

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\color-my-facebook.exe

File PE Metadata
Compilation timestamp:
1/5/2010 2:09:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
12288:TTAYjhDbBYrp74ex/OCMSUuebd6uTfLdZu/XjAxOOaA2lVw75e989IIWf4GZS:TTAYjhvBYrp75x/OjSagifLdmjAxObK9

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...
 

Entropy:
7.9456  (probably packed)

Code size:
33 KB (33,792 bytes)

The file color-my-facebook.exe has been seen being distributed by the following URL.
