ozan.exe

Sense

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application ozan.exe by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 26 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Object Browser  (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
Sense

Description:
Sense exe

Version:
1000.1000.1000.1000

MD5:
7ed4f4bdf432bc2529245991fb655f96

SHA-1:
90ebf42cbf26d492d243a127d8f3e8a8712826b8

SHA-256:
639c5e74a0b72895ed9ba49caa32ee90f62ca3c26a0fe71610559fdc1c37339b

Scanner detections:
26 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
12/24/2024 12:43:12 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.Dv1@km@znncO
6129878

AhnLab V3 Security
PUP/Win32.CrossRider
2014.12.14

Avira AntiVirus
ADWARE/CrossRider.Gen7
7.11.195.56

avast!
Win32:Crossrider-AP [PUP]
141130-1

AVG
Generic
2015.0.3261

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.141214

Bitdefender
Gen:Application.Heur.Dv1@km@znncO
1.0.20.1740

Comodo Security
ApplicUnwnt
20391

Dr.Web
Trojan.Crossrider.47115
9.0.1.0352

Emsisoft Anti-Malware
Gen:Application.Heur.Dv1@km@znncO
9.0.0.4668

ESET NOD32
Win32/Toolbar.CrossRider.BM potentially unwanted application
7.0.302.0

Fortinet FortiGate
Adware/Adwapper
12/18/2014

F-Secure
Riskware.Gen:Application.Heur.Dv1@km@znncO
5.13.68

G Data
Gen:Application.Heur.Dv1@km@znncO
14.12.24

IKARUS anti.virus
Trojan.GoogUpdate
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.187.14319

Kaspersky
not-a-virus:AdWare.NSIS.Adwapper
15.0.0.543

Malwarebytes
PUP.Optional.Sense.A
v2014.12.14.02

McAfee
Trojan.Artemis!4C7074C4F6D4
5600.6912

MicroWorld eScan
Gen:Application.Heur.Dv1@km@znncO
15.0.0.1044

Norman
Gen:Application.Heur.Dv1@km@znncO
04.12.2014 14:30:06

Panda Antivirus
Trj/Genetic.gen
14.12.14.02

Qihoo 360 Security
Win32/Application.e81
1.0.0.1015

Reason Heuristics
Adware.BrightCircle.Task.E
14.12.14.2

Sophos
Generic PUA IH
4.98

VIPRE Antivirus
Threat.4789396
35418

File size:
1.5 MB (1,536,480 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Sense.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\ozan.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 7:00:00 AM

Valid to:
11/18/2015 6:59:59 AM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/14/2014 8:04:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:MZctlu+b8I3RFxpGMGEhl2xiOaFLtZWvfgPh7QK3t6fpSkqdTjc63r:M+bgwXGzEhoupsfc6fpSkQTg6b

Entry address:
0xF117B

Entry point:
E8, 3D, FE, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 70, FF, 00, 00, 3B, 30, 7C, 07, E8, 67, FF, 00, 00, 8B, 30, E8, 5A, FF, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, C9, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, F0, 60, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 13, 2F, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, F0, 60, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, D4, EB...
 
[+]

Entropy:
6.6138

Code size:
1.1 MB (1,154,560 bytes)

Scheduled Task
Task name:
OZAN

Trigger:
Logon (Runs on logon)


The file ozan.exe has been discovered within the following program.

Sense  by Object Browser
Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.
85% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-50-63-202-53.ip.secureserver.net  (50.63.202.53:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

Remove ozan.exe - Powered by Reason Core Security