» giant savingsgui.exe
Overview
Analysis
File Details
Programs (1)

giant savingsgui.exe

Giant Savings

Amazing Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application giant savingsgui.exe, “Giant Savings exe” by Amazing Apps has been detected as adware by 23 anti-malware scanners. This file is typically installed with the program Giant Savings by 215 Apps which is a potentially unwanted software program. This web browser addon will display additional advertisements in the user's browser including popup, banner, contextual hyperlinks as well as affiliate links.

File name:

Publisher:

215 Apps (signed by Amazing Apps)

Product:

Giant Savings

Description:

Giant Savings exe

Version:

1.1.143.13

MD5:

a2889dd7499c6415d1d21ba857213011

SHA-1:

82d42470f0941d7e25124a380ab7211821294199

SHA-256:

ae8c08ce073af74f3df1a91827c509abb0774e1ddaeeb1100ef5d0d2e16c3648

Scanner detections:

23 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

7/5/2025 3:41:01 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.CrossRider

7.1.1

Avira AntiVirus

Adware/Agent.2096984.1

7.11.113.0

AVG

SmartShopper.K

2014.0.3619

Baidu Antivirus

Trojan.Win32.Toolbar

4.0.3.131127

Bitdefender

Adware.Generic.361901

1.0.20.1770

Boost by Reason

Optional.AmazingApps.Q

188838

Comodo Security

UnclassifiedMalware

17256

Dr.Web

Adware.Plugin.14

9.0.1.0240

Emsisoft Anti-Malware

Adware.Generic.361901

8.13.12.20.05

ESET NOD32

Win32/Toolbar.CrossRider (variant)

7.9010

F-Prot

W32/GamePlay.D.gen

v6.4.7.1.166

F-Secure

Adware.Generic.361901

11.2013-20-12_6

G Data

Adware.Generic.361901

13.12.22

herdProtect (fuzzy)

variant of i want thisgui.exe (Adware)

2013.12.20.17

K7 AntiVirus

Adware

13.173.10162

Malwarebytes

PUP.GamePlayLabs

v2013.08.28.09

MicroWorld eScan

Adware.Generic.361901

14.0.0.1062

Quick Heal

Adware.Crossid (Not a Virus)

12.13.12.00

Reason Heuristics

PUP.AmazingApps.Q

14.8.7.17

Sophos

AppRider

4.94

Trend Micro House Call

TROJ_GEN.R0CBC0EIF13

7.2.354

Trend Micro

TROJ_GEN.R0CBC0EIF13

10.465.20

VIPRE Antivirus

GamePlayLabs

23084

File size:

2 MB (2,096,000 bytes)

Product version:

1.1.143.13

Original file name:

Giant Savings.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\windows\temp\~\giant savingsgui.exe

Digital Signature

Signed by:

Amazing Apps

Authority:

Thawte, Inc.

Valid from:

4/30/2012 5:00:00 PM

Valid to:

5/1/2013 4:59:59 PM

Subject:

CN=Amazing Apps, O=Amazing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2E307885017928B61D4F2CEF5EB10A05

File PE Metadata

Compilation timestamp:

11/23/2011 4:21:05 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:cC3Hfuya1T9bzNS+P2LkPobilcLqDrWxgx6r8DMG2Fqfk3YZGxnqC:c+fuya1T9vNSLLnbilOqDrWxgx634fkH

Entry address:

0xF6D90

Entry point:

E8, 79, 9F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 20, 6A, 56, 00, 00, 75, 18, E8, F9, 96, 00, 00, 6A, 1E, E8, 43, 95, 00, 00, 68, FF, 00, 00, 00, E8, 71, FB, FF, FF, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 20, 6A, 56, 00, FF, 15, 58, A2, 51, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 24, 6A, 56, 00, 74, 0D, 53, E8, F0, 92, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, D4, 08, 00, 00, 89, 30, E8, CD, 08, 00, 00, 89... 
[+]

Entropy:

5.6486

Code size:

1.1 MB (1,150,976 bytes)

The file giant savingsgui.exe has been discovered within the following program.

Giant Savings by 215 Apps

Giant Savings from 215 Apps (Amazing Apps/50onRed) installs a web browser extension (Internet Explorer Browser Helper Object) to view web pages loaded and looks for affiliated merchants in order to possibly provide better pricing or alternative deals on a given product or merchant.

giant-savings.com

85% remove it

Remove giant savingsgui.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.