5365.exe

Shop and Save Up

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application 5365.exe, "Shop and Save Up exe" by BadFinger Project (BrightCircle Investments Limited), has been detected as adware by 27 anti-malware scanners. The installer uses the InstallMonetizer platform, which downloads and installs adware toolbars and other potentially unwanted software offers during setup. It is part of the BrightCircle group of web extensions that inject advertisements into the browser.
Publisher:
InstallMonetizer (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
Shop and Save Up

Description:
Shop and Save Up exe

Version:
1000.1000.1000.1000

MD5:
bfd37a326864f7b1d4b6dfe0af61da3a

SHA-1:
f8e070bb2ad9f9615d61f0d99323eff02f948fd6

SHA-256:
51491121c5a6388b2d7c68603d2a89f51c8b5872e4cf18b3b836c09a392f97e4

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
11/24/2024 12:01:47 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.188636 | 557
AhnLab V3 Security | PUP/Win32.CrossRider | 2015.07.24
Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.1.6
Arcabit | Trojan.Adware.Graftor.D2E0DC | 1.0.0.425
avast! | Win32:Adware-CMH [PUP] | 2014.9-150727
AVG | Crossrider_r | 2016.0.3035
Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15727
Bitdefender | Gen:Variant.Adware.Graftor.188636 | 1.0.20.1040
Bkav FE | W32.HfsAdware | 1.3.0.6979
Dr.Web | Trojan.Crossrider1.22993 | 9.0.1.0208
Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.188636 | 8.15.07.27.02
ESET NOD32 | Win32/Toolbar.CrossRider.CD potentially unwanted (variant) | 9.11983
Fortinet FortiGate | Adware/Adwapper | 7/27/2015
G Data | Gen:Variant.Adware.Graftor.188636 | 15.7.25
K7 AntiVirus | Unwanted-Program | 13.207.16653
Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.1672
Malwarebytes | PUP.Optional.CinemaPlus.A | v2015.07.27.02
McAfee | Artemis!BFD37A326864 | 5600.6691
MicroWorld eScan | Gen:Variant.Adware.Graftor.188636 | 16.0.0.624
Panda Antivirus | Trj/Genetic.gen | 15.07.27.02
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Quick Heal | PUA.Badfingerp.Gen | 7.15.14.00
Reason Heuristics | Adware.BrightCircle.InstallMonetizer (M) | 15.7.27.14
Rising Antivirus | PE:Trojan.GoogUpdate!6.1E39 | 23.00.65.15725
SUPERAntiSpyware | Adware.CrossRider/Variant | 9728
VIPRE Antivirus | Crossrider | 42260

File size:
1.3 MB (1,314,272 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Shop and Save Up.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\5365.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/16/2014 4:00:00 PM

Valid to:
11/17/2015 3:59:59 PM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
7/22/2015 11:05:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Sf1x9SegT+XxVuNhdScl7Khd0SWMhgT5pSeriCO4+6sc4tTYqhfFE:Sx8UBcdp7BzT5pSeriCOn6sc4tTY2fFE

Entry address:
0xA1A2D

Entry point:
E8, CB, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, E9, 51, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, B1, 51, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, E9, 51, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...

Entropy:
6.4979

Code size:
823.5 KB (843,264 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.114.121:80)

Remove 5365.exe - Powered by Reason Core Security