e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe

Sense

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 15 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Object Browser  (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
Sense

Description:
Sense exe

Version:
1000.1000.1000.1000

MD5:
18f81f5efe7d46f3308de16fe2c76802

SHA-1:
dcd6f1eb570dded4595b9e5175c44af86b8c0361

SHA-256:
cfc60e03f4ea9c540d1f03105b16f2b4e95685f9e9893593c6b05082a3ddebca

Scanner detections:
15 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
12/25/2024 1:03:03 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/CrossRider.Gen7
7.11.196.106

AVG
Generic
2015.0.3258

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.141217

Comodo Security
ApplicUnwnt
20396

ESET NOD32
Win32/Toolbar.CrossRider.BM potentially unwanted application
7.0.302.0

G Data
Win32.Adware.Crossrider
14.12.24

IKARUS anti.virus
PUA.Toolbar.CrossRider
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.188.14354

Kaspersky
not-a-virus:AdWare.NSIS.Adwapper
15.0.0.543

Malwarebytes
PUP.Optional.Sense.A
v2014.12.17.06

McAfee
Artemis!18F81F5EFE7D
5600.6914

Panda Antivirus
Generic Suspicious
14.12.17.06

Qihoo 360 Security
Win32/Virus.Adware.a87
1.0.0.1015

Reason Heuristics
PUP.Crossrider.Task.g
14.12.17.6

VIPRE Antivirus
Threat.4789396
35418

File size:
1.3 MB (1,407,968 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Sense.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\sense\e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 8:00:00 AM

Valid to:
11/18/2015 7:59:59 AM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/16/2014 9:06:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:9JlRtSflbxxO4VOsCtkQqkOTATFT2pSNMOIOQAy5QTy+D5T:9JoljAs4zqkT2pSNMOIO/y5QTy+D5T

Entry address:
0xAC84D

Entry point:
E8, 12, 01, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D0, E0, 51, 00, E8, 6D, 76, 00, 00, E8, 34, 53, 00, 00, 0F, B7, F0, 6A, 02, E8, A5, 00, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 18, 8E, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.3426

Code size:
872 KB (892,928 bytes)

Scheduled Task
Task name:
e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6

Trigger:
Logon (Runs on logon)

Action:
e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe \rawdata=uxxsiyzoy09sfhqtt\9hilh9zakj5t0r9r887hsqu


The file e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe has been discovered within the following program.

Sense  by Object Browser
Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.
85% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-61.ip.secureserver.net  (184.168.221.61:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.81.122:80)

TCP (HTTP):
Connects to ip-50-63-202-55.ip.secureserver.net  (50.63.202.55:80)

TCP (HTTP):
Connects to ip-50-63-202-61.ip.secureserver.net  (50.63.202.61:80)

Remove e7e7e2dd-a78c-4fb0-af33-bdbf9fbba620-6.exe - Powered by Reason Core Security