dc97e5df-fae0-45d8-887f-3d091cc8eaf6-6.exe

Sense

Sense+

The application dc97e5df-fae0-45d8-887f-3d091cc8eaf6-6.exe has been detected as adware by 17 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Sense+

Product:
Sense

Description:
Sense exe

Version:
1000.1000.1000.1000

MD5:
cc7e9789edd69cdd2c6d4c6a93ee859c

SHA-1:
36a2d137ee5307dfca4748f421323c445d44b7c0

SHA-256:
43794ee0d91d4704446ecd98494c14b49b4886f77f5c78b71772c215d60e33d0

Scanner detections:
17 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/27/2024 5:37:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.oz0@myKsf8ii | 5687224 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.06.07 |
| Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.1.6 |
| Arcabit | Application.Heur.E130DC | 1.0.0.425 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.1566 |
| Bitdefender | Gen:Application.Heur.oz0@myKsf8ii | 1.0.20.785 |
| Emsisoft Anti-Malware | Gen:Application.Heur.oz0@myKsf8ii | 10.0.0.5366 |
| ESET NOD32 | Win32/Toolbar.CrossRider.CD potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Application.Heur.oz0@myKsf8ii | 5.14.151 |
| G Data | Gen:Application.Heur.oz0@myKsf8ii | 15.6.25 |
| Malwarebytes | PUP.Optional.Sense.A | v2015.06.06.02 |
| MicroWorld eScan | Gen:Application.Heur.oz0@myKsf8ii | 16.0.0.471 |
| Norman | Gen:Application.Heur.oz0@myKsf8ii | 02.06.2015 14:23:46 |
| Panda Antivirus | Trj/Genetic.gen | 15.06.06.02 |
| Reason Heuristics | Adware.Crossrider.Sense | 15.6.6.14 |
| Rising Antivirus | PE:Malware.Adwapper!6.2061 | 23.00.65.15604 |
| SUPERAntiSpyware | Adware.CrossRider/Variant | 9830 |

File size:
1.2 MB (1,283,072 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Sense.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\sense\dc97e5df-fae0-45d8-887f-3d091cc8eaf6-6.exe

File PE Metadata
Compilation timestamp:
6/6/2015 12:07:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:FG8bdMxI+spDOx/dsE/zYUX5tky7HTAUBTCpSJNUkOe4LqJU8Wcef:FGtLzp5bTCpSJNUkOekqJU8Wcef

Entry address:
0x99168

Entry point:
E8, 97, 01, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D0, 2A, 50, 00, E8, F2, 76, 00, 00, E8, C6, 53, 00, 00, 0F, B7, F0, 6A, 02, E8, 2A, 01, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 96, 9A, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4305

Code size:
801 KB (820,224 bytes)

Scheduled Task
Task name:
dc97e5df-fae0-45d8-887f-3d091cc8eaf6-6

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.72.57:80)
