savings sidekick-bg.exe

Savings Sidekick

Awesome Apps

This file is part of a distribution package classified as adware distributed by 50onRed. The adware interacts with installed web browsers to inject ads and modify the default search and home pages. The application savings sidekick-bg.exe, “Savings Sidekick exe” by Awesome Apps, has been detected as adware by 32 anti-malware scanners. This file is typically installed with the program Savings Sidekick by 215 Apps, which is a potentially unwanted software program. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the extensions installed in the user's browser, including installation, updates and remote code downloads.
Publisher:
215 Apps  (signed by Awesome Apps)

Product:
Savings Sidekick

Description:
Savings Sidekick exe

Version:
1.1.151.34

MD5:
fbc09e954ade0df281e2b153e0eff79b

SHA-1:
7deb550d9355bd0fa583191303928d1db88b4541

SHA-256:
92f56aaaee45d8c8a50116d0783bd5937ed0bbd772c4f0c74f29e9f3e06fa662

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Awesome Apps.

Analysis date:
11/25/2024 8:29:26 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.NNP | 581 |
| Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1 |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 8.3.1.6 |
| Arcabit | Adware.Agent.NNP | 1.0.0.425 |
| AVG | Crossrider | 2016.0.3059 |
| Bitdefender | Adware.Agent.NNP | 1.0.20.920 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Clam AntiVirus | Win.Adware.Agent-2199 | 0.98/21511 |
| Comodo Security | UnclassifiedMalware | 22642 |
| Dr.Web | Trojan.Crossrider1.26368 | 9.0.1.0184 |
| Emsisoft Anti-Malware | Adware.Agent.NNP | 8.15.07.03.04 |
| ESET NOD32 | Win32/Toolbar.CrossRider.H potentially unwanted (variant) | 9.11877 |
| F-Prot | W32/Crossrider.B.gen | v6.4.7.1.166 |
| F-Secure | Adware.Agent.NNP | 11.2015-03-07_6 |
| G Data | Adware.Agent.NNP | 15.7.25 |
| IKARUS anti.virus | AdWare.SavingsSidekick | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.205.16434 |
| Malwarebytes | PUP.Optional.SavingsSidekickPlugin.A | v2015.07.03.04 |
| McAfee | Artemis!7748907804BC | 5600.6715 |
| MicroWorld eScan | Adware.Agent.NNP | 16.0.0.552 |
| NANO AntiVirus | Trojan.Win32.Plugin.crbipj | 0.30.24.2320 |
| nProtect | Adware.Agent.NNP | 15.07.02.01 |
| Qihoo 360 Security | Win32/Virus.Adware.7b5 | 1.0.0.1015 |
| Quick Heal | Adware.Crossid.r5 (Not a Virus) | 7.15.14.00 |
| Reason Heuristics | PUP.50OnRed.AwesomeApps (M) | 15.7.3.16 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | HV_AGENT_BK084750.TOMC | 7.2.184 |
| Trend Micro | TROJ_GEN.R047C0OFL15 | 10.465.03 |
| Vba32 AntiVirus | Trojan.Agent | 3.12.26.4 |
| VIPRE Antivirus | GamePlayLabs | 41644 |
| ViRobot | Trojan.Win32.A.Agent.907648[h] | 2014.3.20.0 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.41950 | 2.0.0.2263 |

File size:
886.4 KB (907,648 bytes)

Product version:
1.1.151.34

Copyright:
Copyright 2011

Original file name:
Savings Sidekick.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\savings sidekick\savings sidekick-bg.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/29/2012 2:00:00 AM

Valid to:
8/30/2013 1:59:59 AM

Subject:
CN=Awesome Apps, O=Awesome Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3D0C9CCF6A7D44B9FDA1963A424319BA

File PE Metadata
Compilation timestamp:
9/6/2012 12:20:38 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:lBYx/A8Vo/j2xat08U/16POuMD3c/0a4AqvB+O82H2IEBYo+4VCGECiTd1ySKF:lBYFA8Vor2ILU/J1ba4xAIWIk772wSKF

Entry address:
0x823C9

Entry point:
E8, 30, A8, 00, 00, E9, 89, FE, FF, FF, 2D, A4, 03, 00, 00, 74, 22, 83, E8, 04, 74, 17, 83, E8, 0D, 74, 0C, 48, 74, 03, 33, C0, C3, B8, 04, 04, 00, 00, C3, B8, 12, 04, 00, 00, C3, B8, 04, 08, 00, 00, C3, B8, 11, 04, 00, 00, C3, 8B, FF, 56, 57, 8B, F0, 68, 01, 01, 00, 00, 33, FF, 8D, 46, 1C, 57, 50, E8, 77, D7, FF, FF, 33, C0, 0F, B7, C8, 8B, C1, 89, 7E, 04, 89, 7E, 08, 89, 7E, 0C, C1, E1, 10, 0B, C1, 8D, 7E, 10, AB, AB, AB, B9, 78, A0, 4D, 00, 83, C4, 0C, 8D, 46, 1C, 2B, CE, BF, 01, 01, 00, 00, 8A, 14, 01...

Code size:
739.5 KB (757,248 bytes)

The file savings sidekick-bg.exe has been discovered within the following program.

Savings Sidekick  by 215 Apps
Savings Sidekick from 215 Apps (Amazing Apps) installs a web browser extension (Internet Explorer Browser Helper Object) to view web pages loaded and looks for affiliated merchants in order to possibly provide better pricing or alternative deals on a given product or merchant.
www.50onred.com
80% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-72-52-58.eu-west-1.compute.amazonaws.com  (54.72.52.58:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.82.33:80)

TCP (HTTP):
Connects to ppp-96-122.29-151.wind.it  (151.29.122.96:80)
