SexyTubeModeService.exe

Sexy Tube Mode Service

Big Water Applications, LLC

This file is part of an adware program designed to inject advertising into the web browser (banners, text links) and to modify the browser's normal behavior. It belongs to the Injekt brand of unwanted programs. The application SexyTubeModeService.exe by Big Water Applications has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Sexy Tube Mode”.

Publisher:
Big Water Applications, LLC  (signed and verified)

Product:
Sexy Tube Mode Service

Version:
1.0.0.0

MD5:
b1d52bcf53de6804e81de7b11b723117

SHA-1:
2fc00efb8e925b4c7c77a561f8a445af3be752c6

SHA-256:
672df25e53917f94beb32657bbb2f5433b548a5e06cc2658447c606a2e4f9de0

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
1/12/2025 5:28:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt (M)

Engine version:
17.1.15.9

File size:
61.1 KB (62,576 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Big Water Applications, LLC 2014

Original file name:
SexyTubeModeService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\sexytubemode\sexytubemodeservice.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/22/2013 1:00:00 AM

Valid to:
4/23/2014 12:59:59 AM

Subject:
CN="Big Water Applications, LLC", O="Big Water Applications, LLC", STREET=640 Grand Ave, STREET=Suite E, L=Carlsbad, S=CA, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0088DD6A4DF46D819C84B9E99D7A0530C5

File PE Metadata
Compilation timestamp:
3/21/2014 8:47:51 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0xEBBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.8905

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
51 KB (52,224 bytes)

Service
Display name:
Sexy Tube Mode

Service name:
SexyTubeMode

Description:
Provides system level support for Sexy Tube Mode.

Type:
Win32OwnProcess

