0d7c9ef9-c70e-4b1a-baad-f0c176458ea1-11.exe

Internet Speed Checker

Naruto Source

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application 0d7c9ef9-c70e-4b1a-baad-f0c176458ea1-11.exe, “Internet Speed Checker exe” by Naruto Source, has been detected as adware by 16 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program Internet Speed Checker by Sailor Project, which is a potentially unwanted software program. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Speedchecker  (signed by Naruto Source)

Product:
Internet Speed Checker

Description:
Internet Speed Checker exe

Version:
1000.1000.1000.1000

MD5:
2a445e494c26f85b1c17fe12b84030b0

SHA-1:
327e6e02eca7f1871c9568600a92dc13a2f05e17

SHA-256:
96396193de3a20c50d220eabd3af532663ff8bbfe8126623ebfb0069a73236c4

Scanner detections:
16 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the web page).

Analysis date:
11/23/2024 1:36:44 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.374062 | 898
AhnLab V3 Security | PUP/Win32.CrossRider | 2014.08.21
Avira AntiVirus | Adware/Kazy.374062.506 | 7.11.168.120
AVG | Generic | 2015.0.3376
Bitdefender | Gen:Variant.Adware.Kazy.374062 | 1.0.20.1160
Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.374062 | 8.14.08.20.08
ESET NOD32 | Win32/Toolbar.CrossRider.AK potentially unwanted application | 7.0.302.0
F-Secure | Gen:Variant.Adware.Kazy.374062 | 11.2014-20-08_4
G Data | Gen:Variant.Adware.Kazy.374062 | 14.8.24
IKARUS anti.virus | AdWare.Adload | t3scan.1.7.5.0
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.494
Malwarebytes | PUP.Optional.InternetSpeedChecker.A | v2014.08.20.08
MicroWorld eScan | Gen:Variant.Adware.Kazy.374062 | 15.0.0.696
Panda Antivirus | Trj/Genetic.gen | 14.08.20.08
Reason Heuristics | PUP.NarutoSource.h | 14.8.20.18
VIPRE Antivirus | Threat.4789396 | 32210

File size:
1.8 MB (1,923,432 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Internet Speed Checker.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\internet speed checker\0d7c9ef9-c70e-4b1a-baad-f0c176458ea1-11.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/28/2014 2:00:00 AM

Valid to:
7/29/2015 1:59:59 AM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
8/20/2014 12:05:18 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:IM4oB/fbU11DuxbD4Ixe0yARiSu3yj1xvTDfWMhghhpSkjT7H5soJRaTzsIFtz3A:IMbUvKDflcRy1hghhpSkjTTUzn+nPRxx

Entry address:
0xE74E4

Entry point:
E8, 44, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 77, 01, 01, 00, 3B, 30, 7C, 07, E8, 6E, 01, 01, 00, 8B, 30, E8, 61, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 60, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, B0, 79, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7A, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, B0, 79, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, DB, ED...
 

Code size:
1 MB (1,099,776 bytes)

Scheduled Task
Task name:
0d7c9ef9-c70e-4b1a-baad-f0c176458ea1-11

Trigger:
Logon (Runs on logon)

Action:
0d7c9ef9-c70e-4b1a-baad-f0c176458ea1-11.exe \rawdata=ont1yoyfonajrj5rfbzxfd71rq6rrgsdthv4pzjqo


The file 0d7c9ef9-c70e-4b1a-baad-f0c176458ea1-11.exe has been discovered within the following program.

Internet Speed Checker  by Sailor Project
Internet Speed Checker is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
62% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-56.ip.secureserver.net  (184.168.221.56:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)
