» kszyzl.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (1)

kszyzl.exe

Sense

Sara Kodama Project

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application kszyzl.exe by Sara Kodama Project has been detected as adware by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named KSZYZL triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

kszyzl.exe

Publisher:

Object Browser (signed by Sara Kodama Project)

Product:

Sense

Description:

Sense exe

Version:

1000.1000.1000.1000

MD5:

0400153cfeeb2d50c0e549e84badbef4

SHA-1:

f5bf376a05e68fb0bbe901a8c2546b446efb0143

SHA-256:

16e30e2b0067cf65eeab5bf83cb21eb192fb4826f149ccf9a18e4a5c0440291c

Scanner detections:

23 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:

11/23/2024 7:05:30 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Plush.1

803

AhnLab V3 Security

PUP/Win32.CrossRider

2014.11.10

Avira AntiVirus

ADWARE/CrossRider.Gen7

7.11.183.220

avast!

Win32:Crossrider-AI [PUP]

141025-0

AVG

Generic

2015.0.3295

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.14119

Bitdefender

Gen:Variant.Adware.Plush.1

1.0.20.1640

Comodo Security

Application.Win32.Plush.GRI

20033

Emsisoft Anti-Malware

Gen:Variant.Adware.Plush

8.14.11.24.11

ESET NOD32

Win32/Toolbar.CrossRider.AX (variant)

8.10695

Fortinet FortiGate

Adware/Adwapper

11/24/2014

F-Secure

Gen:Variant.Adware.Plush.1

11.2014-24-11_2

G Data

Win32.Adware.Crossrider

14.11.24

IKARUS anti.virus

PUA.Toolbar.CrossRider

t3scan.1.8.3.0

Kaspersky

Trojan.NSIS.GoogUpdate

15.0.0.494

Malwarebytes

PUP.Optional.Sense.A

v2014.11.09.01

McAfee

Artemis!96D2CE4A0404

5600.6937

MicroWorld eScan

Gen:Variant.Adware.Plush.1

15.0.0.984

Panda Antivirus

Trj/Genetic.gen

14.11.24.11

Qihoo 360 Security

Win32/Virus.Adware.a87

1.0.0.1015

Reason Heuristics

PUP.Task.SaraKodamaProject.G

14.11.10.14

Sophos

Generic PUA NN

4.98

VIPRE Antivirus

Threat.4789396

34232

File size:

1.9 MB (2,025,376 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Sense.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\kszyzl.exe

Digital Signature

Signed by:

Sara Kodama Project

Authority:

COMODO CA Limited

Valid from:

10/20/2014 2:00:00 AM

Valid to:

10/21/2015 1:59:59 AM

Subject:

CN=Sara Kodama Project, O=Sara Kodama Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

75E47031A737D2A200F0C7A94034399F

File PE Metadata

Compilation timestamp:

11/8/2014 9:37:40 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:/5o9F2u/nsDN30+E2WbVap3MjISpSIiT9Z1V1Dzf:xo9ZPeE5Rap3Mgj

Entry address:

0xF5991

Entry point:

E8, 67, FD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 9A, FE, 00, 00, 3B, 30, 7C, 07, E8, 91, FE, 00, 00, 8B, 30, E8, 84, FE, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 83, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 80, ED, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 9D, 2E, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 80, ED, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, FE, EA... 
[+]

Code size:

1.1 MB (1,187,328 bytes)

Scheduled Task

Task name:

KSZYZL

Trigger:

Logon (Runs on logon)

The file kszyzl.exe has been discovered within the following program.

Sense by Object Browser

Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.

85% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ip-50-63-202-59.ip.secureserver.net (50.63.202.59:80)

Remove kszyzl.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.