home

pingle savebar-buttonutil64.exe

Pingle SaveBar

Reddoor media group co.,Ltd

The application pingle savebar-buttonutil64.exe, “Pingle SaveBar exe” by Reddoor media group co.,Ltd has been detected as adware by 3 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Reddoor  (signed by Reddoor media group co.,Ltd)

Product:
Pingle SaveBar

Description:
Pingle SaveBar exe

Version:
1000.1000.1000.1000

MD5:
b97538791f1292dafd1ed88461dd782d

SHA-1:
7fc5a283a0b2dd16c317c247f832da6018712e7b

SHA-256:
f359ba359a47b5316b312a905263e2062fbd254f5cf8b0e2043d3ac94e3cff28

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install new code and Javascript updates for the extension.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Reddoor media group co.,Ltd.

Analysis date:
5/18/2024 8:57:54 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win64/Toolbar.Crossrider.A potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.Crossrider.ReddoormediagroupcoLtd.BB
14.5.27.6

VIPRE Antivirus
Threat.4789396
29560

File size:
436.9 KB (447,384 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Pingle SaveBar.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\pingle savebar\pingle savebar-buttonutil64.exe

Digital Signature
Signed by:
Reddoor media group co.,Ltd

Authority:
VeriSign, Inc.

Valid from:
6/12/2013 8:00:00 AM

Valid to:
6/13/2014 7:59:59 AM

Subject:
CN="Reddoor media group co.,Ltd", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Reddoor media group co.,Ltd", L=Taipei, S=Taipei, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
07044F2CDD35722B453856E51ABEFE92

File PE Metadata
Compilation timestamp:
8/12/2013 5:46:43 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:/sDw3GMZ0yKDzfFk0C2q+TKdGmvOn+UKc439e4+mkT5l8sX62ZShLRbtKeciKCTe:kDw3GD/9gd0uBX3efYhNUCT4Ikv

Entry address:
0x304B8

Entry point:
48, 83, EC, 28, E8, 7F, B3, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 40, 55, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 50, 48, 8D, 6C, 24, 40, 48, 89, 5D, 40, 48, 89, 75, 48, 48, 89, 7D, 50, 48, 8B, 05, FE, 72, 03, 00, 48, 33, C5, 48, 89, 45, 08, 8B, 5D, 60, 33, FF, 4D, 8B, F1, 45, 8B, F8, 89, 55, 00, 85, DB, 7E, 2A, 44, 8B, D3, 49, 8B, C1, 41, FF, CA, 40, 38, 38, 74, 0C, 48, FF, C0, 45, 85, D2, 75, F0, 41, 83, CA, FF, 8B, C3, 41, 2B, C2, FF, C8, 3B, C3, 8D, 58, 01, 7C, 02, 8B, D8, 44, 8B, 65...
 
[+]

Entropy:
6.2042

Code size:
290.5 KB (297,472 bytes)

Remove pingle savebar-buttonutil64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.