sendorisetupx_20131111.exe

Sendori

Sendori, Inc

This file is part of the Sendori web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application sendorisetupx_20131111.exe by Sendori, Inc has been detected as adware by 5 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder. The file has been seen downloaded from d1t653m828c3x8.cloudfront.net and multiple other hosts.
Publisher:
Sendori, Inc.  (signed by Sendori, Inc)

Product:
Sendori

Version:
2.0.16.0

MD5:
f286c4ff7e25caf9bd426c2404d440e9

SHA-1:
7c840f4ce3a47e709e5771e1927767210d4ab717

SHA-256:
d43b4cac4a7d145753028ad61001779bdc6fa0627ae19295c1513982ca26f863

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
11/27/2024 2:41:24 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.Plugin.72 | 9.0.1.0365 |
| Reason Heuristics | PUP.Installer.Sendori.W | 14.8.7.21 |
| Trend Micro House Call | ADW_DORISEN | 7.2.365 |
| Trend Micro | ADW_DORISEN | 10.465.31 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |

File size:
4.8 MB (5,054,368 bytes)

Copyright:
© Sendori, Inc. All rights reserved.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sendorisetupx_20131111.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/11/2013 8:00:00 AM

Valid to:
5/11/2014 7:59:59 AM

Subject:
CN="Sendori, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Sendori, Inc", L=Oakland, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7442E44B0C8A4CAFD2E5797F9201E3FF

File PE Metadata
Compilation timestamp:
12/6/2009 6:53:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:YDH64kx8ycQl1gAYP1JnE+JFNI/hsr8dGsTr2pNGoyPlj4:wH6zX1O1JnvrIRTrm8oyt8

Entry address:
0x355E

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B8, A7, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, 88, 82, 40, 00, 6A, 08, A3, 98, 10, 43, 00, E8, D6, 2E, 00, 00, A3, E4, 0F, 43, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, E8, A7, 42, 00, FF, 15, 58, 81, 40, 00, 68, AC, A7, 40, 00, 68, E0, 07, 43, 00, E8, DC, 29, 00, 00, FF, 15, AC, 80, 40, 00, BF, 00, 70, 43, 00, 50, 57, E8, CA, 29, 00, 00...
 

Entropy:
7.9928

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file sendorisetupx_20131111.exe has been seen being distributed by the following 2 URLs.
