cs browser assistant 2.0-firefoxinstaller.exe

CS Browser Assistant 2.0

GetDeal GmbH

This file is part of the Crossrider framework, a web browser extension that delivers advertisements such as coupons, price comparisons, display media, affiliate links, banners, popups/popunders and other links. The application cs browser assistant 2.0-firefoxinstaller.exe (“CS Browser Assistant 2.0 exe”) by GetDeal GmbH has been detected as adware by 4 anti-malware scanners. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It also manages the Firefox SQLite connectivity.
Publisher:
GetDeal GmbH  (signed and verified)

Product:
CS Browser Assistant 2.0

Description:
CS Browser Assistant 2.0 exe

Version:
1000.1000.1000.1000

MD5:
0c981ac6c4c15518aaed2715f2962a0a

SHA-1:
708f5a956c75efcbedce20c19c4bb4aa76d799e1

SHA-256:
3cdf9d7d557d4885c227441114e147955c3174b456f0cfccafac03ef926c8d1d

Scanner detections:
4 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is GetDeal GmbH.

Analysis date:
11/27/2024 2:43:25 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.8993
Malwarebytes | PUP.Optional.CouponScout.A | v2014.02.12.10
Reason Heuristics | PUP.Crossrider.GetDealGmbH.i | 14.7.17.9
VIPRE Antivirus | Crossrider | 22920

File size:
709 KB (725,968 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CS Browser Assistant 2.0.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cs browser assistant 2.0\cs browser assistant 2.0-firefoxinstaller.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
9/27/2013 3:18:50 PM

Valid to:
9/28/2014 3:18:50 PM

Subject:
E=support@getdeal.com, CN=GetDeal GmbH, O=GetDeal GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112133ADAF505A304FB2DCE57FD333F47B58

File PE Metadata
Compilation timestamp:
8/12/2013 12:44:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:uBfakjQStVkFRYDMH3Mu9ZHjTJmatWEeqZ97cZ4K727Jxe3/ghpTj:0fpN2uwcE4Jo6VGxHT

Entry address:
0x79D96

Entry point:
E8, C1, A0, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, B4, FE, 4A, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, B0, 30, 49, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
 

Entropy:
6.6377

Code size:
582.5 KB (596,480 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/002811/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)