amazon mini saver-nova.exe

Amazon Mini Saver

Sailor Project

This potentially unwanted browser extension is built on and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banners, text hyperlinks, inline text and transitional ads. The application amazon mini saver-nova.exe, “Amazon Mini Saver exe” by Sailor Project, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. While running, it connects to the Internet address ip-184-168-221-33.ip.secureserver.net on port 80 using the HTTP protocol. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Nero  (signed by Sailor Project)

Product:
Amazon Mini Saver

Description:
Amazon Mini Saver exe

Version:
1000.1000.1000.1000

MD5:
94f7057c605dd90223e6d01c116a9115

SHA-1:
cb4628cf8e63deb94ebc1fe9afa277b154494a02

SHA-256:
bd87a0f8a0984eef7be641937fdec99db1723278ccea9da4a6e593e47dd8ecb8

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/2/2024 11:20:00 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Brightcircle.SailorPr (M)

Engine version:
16.6.10.7

File size:
607.4 KB (621,928 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Amazon Mini Saver.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\amazon mini saver\amazon mini saver-nova.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 9:00:00 PM

Valid to:
7/18/2015 8:59:59 PM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/22/2014 7:05:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:O6cs1JWnNjea5+XZSWkxflK/gqBvfU7pTSdC9KAyx5:9cs1JO4mQ/eTIC9pa5

Entry address:
0x47C2C

Entry point:
E8, 5C, DF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, E4, 47, 00, E8, DE, 4E, 00, 00, E8, 9A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, EF, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 13, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
430.5 KB (440,832 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-33.ip.secureserver.net  (184.168.221.33:80)

TCP (HTTP):
Connects to ip-50-63-202-55.ip.secureserver.net  (50.63.202.55:80)

TCP (HTTP):
Connects to ip-184-168-221-35.ip.secureserver.net  (184.168.221.35:80)
