bringtofront.exe

Ghostery IE

Evidon, Inc.

The application bringtofront.exe by Evidon has been detected as a potentially unwanted program by 12 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Evidon Inc.  (signed by Evidon, Inc.)

Product:
Ghostery IE

Description:
Ghostery IE exe

Version:
1.1.153.38

MD5:
343f37de502fd0a045bfc37f0889979e

SHA-1:
c277abd62d1e06834316c792f0a18443fb42a115

SHA-256:
9bd0cd76921d5db2463ef456fb9937bbc6f5740c2033e4df8fbf8a1a75b52f2d

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
May modify the web browser's settings, including the homepage and search provider, and deliver ads by injecting banners and text links directly into web pages.

Analysis date:
11/27/2024 9:30:37 AM UTC

Scan engine           Detection                            Engine version
Avira AntiVirus       Adware/CrossRider.A.6473             7.11.156.20
avast!                Win32:Installer-M [Adw]              2014.9-140105
Baidu Antivirus       Adware.Win32.Agent                   4.0.3.1415
Bkav FE               W32.Clod704.Trojan                   1.3.0.4613
ESET NOD32            Win32/Toolbar.CrossRider (variant)   7.9187
G Data                Win32.Trojan.Agent.U0R9S6            14.1.22
herdProtect (fuzzy)                                        2014.1.5.21
K7 AntiVirus          Unwanted-Program                     13.180.12484
Malwarebytes          Spyware.Password                     v2014.01.05.09
Reason Heuristics     Threat.Win.Reputation.IMP            14.9.22.18
Sophos                AppRider                             4.98
VIPRE Antivirus       Crossrider                           24484

File size:
1.4 MB (1,499,752 bytes)

Product version:
1.1.153.38

Copyright:
Copyright 2011

Original file name:
Ghostery IE.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\bringtofront.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
3/14/2011 3:00:00 AM

Valid to:
3/14/2014 2:59:59 AM

Subject:
CN="Evidon, Inc.", O="Evidon, Inc.", STREET=28 W. 44th St., STREET=Ste. 800, L=New York, S=NY, PostalCode=10036, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00A360D17B416CE4A553A541F18C27640A

File PE Metadata
Compilation timestamp:
4/3/2013 11:21:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:57bZCjqas5Xic/e5RbYheGtptUsRgQ+PjxcEykQqHNuquXqrOT61c5KEs:1bZCjTeXic25RUh5tptUsRgQ+PNDBHhF

Entry address:
0xEF2AD

Entry point:
E8, B0, AB, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 38, AB, 56, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 3C, AB, 56, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 85, 0E, 00, 00, 85, C0, 75, 06, B8, A0, AC, 56, 00, C3, 83, C0, 08, C3, E8, 72, 0E, 00, 00, 85, C0, 75, 06, B8, A4, AC, 56, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 

Entropy:
6.5803

Code size:
1.2 MB (1,249,280 bytes)
