sense-nova.exe

Sense

Object Browser

The application sense-nova.exe has been detected as adware by 27 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Sense by Object Browser which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address ip-50-63-202-55.ip.secureserver.net on port 80 using the HTTP protocol.
Publisher:
Object Browser

Product:
Sense

Description:
Sense exe

Version:
1000.1000.1000.1000

MD5:
36363165cc916548784a712f488313b5

SHA-1:
3aa4d8581911e00c45ff15542970c33440e62492

SHA-256:
edcd322366b73bd58a8083d3c4d2f657b3cb0671e0f43c72358b1e9330d00a00

Scanner detections:
27 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
11/25/2024 9:00:56 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.19680
928

Agnitum Outpost
PUA.AdLoad
7.1.1

AhnLab V3 Security
PUP/Win32.Toolbar
2014.07.09

Avira AntiVirus
Adware/CrossRider.A.4953
7.11.152.176

avast!
Win32:Adware-gen [Adw]
2014.9-140721

AVG
Generic_r
2015.0.3406

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.14721

Bitdefender
Gen:Variant.Kazy.19680
1.0.20.1010

Bkav FE
W32.CrossRiderD.Adware
1.3.0.4959

Emsisoft Anti-Malware
Gen:Variant.Kazy.19680
8.14.07.21.05

ESET NOD32
Win32/Toolbar.CrossRider.AE (variant)
8.10067

Fortinet FortiGate
Riskware/Toolbar_CrossRider
7/21/2014

F-Prot
W32/A-7d811582
v6.4.7.1.166

F-Secure
Gen:Variant.Kazy.19680
11.2014-21-07_2

G Data
Win32.Application.Plush
14.7.24

IKARUS anti.virus
PUA.OptionalInst.Goobzo
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.178.12278

Malwarebytes
PUP.Optional.Sense.A
v2014.07.09.07

McAfee
Artemis!768454CDA6CA
5600.7062

MicroWorld eScan
Gen:Variant.Kazy.19680
15.0.0.606

NANO AntiVirus
Riskware.Win32.AdLoad.dbihow
0.28.0.60253

Panda Antivirus
Trj/Genetic.gen
14.07.21.05

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.7.21.17

Sophos
AppRider
4.98

Trend Micro House Call
Suspicious_GEN.F47V0704
7.2.202

VIPRE Antivirus
Crossrider
31110

File size:
586 KB (600,064 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Sense.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\sense\sense-nova.exe

File PE Metadata
Compilation timestamp:
7/8/2014 3:12:12 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:pSW6tD1gG74GMx3DIZ/vIHXsWyAvpTIBSMal9:8W6tDRi8qsP4TO2l9

Entry address:
0x459DC

Entry point:
E8, 5A, DF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, A1, 47, 00, E8, DE, 4E, 00, 00, E8, 9A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, ED, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 13, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.3102

Code size:
416 KB (425,984 bytes)

Scheduled Task
Task name:
66f8173a-0e00-462e-91c9-747f0d978aad-7

Trigger:
Logon (Runs on logon)

Action:
sense-nova.exe \qeyfuexq='sense' \qbksxqapk=48292 \tgxqyh='000803


The file sense-nova.exe has been discovered within the following program.

Sense  by Object Browser
Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.
85% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.98.114:80)

TCP (HTTP):
Connects to linux17.sadecehosting.com  (188.132.129.17:80)

TCP (HTTP):
Connects to reverse-77-79-81-241.pusula.net.tr  (77.79.81.241:80)

TCP (HTTP):
Connects to 74-208-236-250.elastic-ssl.ui-r.com  (74.208.236.250:80)

TCP (HTTP):
Connects to server-178.211.62.129.as42926.net  (178.211.62.129:80)

TCP (HTTP):
Connects to ip-50-63-202-55.ip.secureserver.net  (50.63.202.55:80)

Remove sense-nova.exe - Powered by Reason Core Security