3cd2f285-f6b7-45b8-94c6-b0f0888b836c-6.exe

SensePlus

Airplane Networks (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application 3cd2f285-f6b7-45b8-94c6-b0f0888b836c-6.exe by Airplane Networks (BrightCircle Investments Limited) has been detected as adware by 13 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program SensePlus by BrightCircle Investments Limited, which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the BrightCircle group of web extensions that inject advertisements in the browser.
Publisher:
Object Browser  (signed by Airplane Networks (BrightCircle Investments Limited))

Product:
SensePlus

Description:
SensePlus exe

Version:
1000.1000.1000.1000

MD5:
6cfce2460c43add01d26df51eb4f5cb7

SHA-1:
2f4ee27c3e9f016195010468e1890a30fb569a7f

SHA-256:
8358df2f1c4cd5feda795fdf15e5da41380ba9c2aea58e8046edb58160884f0e

Scanner detections:
13 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/24/2024 11:50:43 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.oz1@myghK4ci | 757
AVG | Generic | 2016.0.3235
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.1518
Bitdefender | Gen:Application.Heur.oz1@myghK4ci | 1.0.20.40
ESET NOD32 | Win32/Toolbar.CrossRider.BM (variant) | 9.10947
F-Secure | Gen:Application.Heur.oz1@myghK4ci | 11.2015-08-01_5
G Data | Gen:Application.Heur.oz1@myghK4ci | 15.1.24
IKARUS anti.virus | PUA.Toolbar.CrossRider | t3scan.1.8.5.0
Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.2672
Malwarebytes | PUP.Optional.SensePlus.A | v2015.01.08.04
MicroWorld eScan | Gen:Application.Heur.oz1@myghK4ci | 16.0.0.24
Panda Antivirus | Generic Suspicious | 15.01.08.04
Reason Heuristics | PUP.Crossrider.Task.g | 15.1.8.16

File size:
1.2 MB (1,279,976 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
SensePlus.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\senseplus\3cd2f285-f6b7-45b8-94c6-b0f0888b836c-6.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/30/2014 8:00:00 PM

Valid to:
12/1/2015 7:59:59 PM

Subject:
CN=Airplane Networks (BrightCircle Investments Limited), O=Airplane Networks (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ADA185AFC7F23D3C115D613E31289B

File PE Metadata
Compilation timestamp:
12/30/2014 7:06:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:lxalRtrx34bmjCth2YqzYhYXbtUegxTSpSyL8PDuyC5iqRIDjP/:lU1ICj42yuX5UbTSpSwIysqRIDjP/

Entry address:
0x985C8

Entry point:
E8, 91, 01, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, 0B, 50, 00, E8, F2, 76, 00, 00, E8, C6, 53, 00, 00, 0F, B7, F0, 6A, 02, E8, 24, 01, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 24, 8E, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4345

Code size:
796 KB (815,104 bytes)

Scheduled Task
Task name:
3cd2f285-f6b7-45b8-94c6-b0f0888b836c-6

Trigger:
Logon (Runs on logon)


The file 3cd2f285-f6b7-45b8-94c6-b0f0888b836c-6.exe has been discovered within the following program.

SensePlus  by BrightCircle Investments Limited
Publisher's description - “SensePlus is an online shopping tool that combines cash back, discounts and online coupons. Our browser app uses tools to look at your browsing activity to make sure we notify you with coupons and offers that are relevant to you.”
82% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-50-63-202-54.ip.secureserver.net  (50.63.202.54:80)
