sfnttxlhvepc.exe

Sense

Sense+

The application sfnttxlhvepc.exe has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Sense+

Product:
Sense

Description:
Sense Installer

Version:
1.36.01.22

MD5:
c99496b5485ee7da3ecb5b61baac6f2e

SHA-1:
dd95faaa4b6b0f8b25aeb6ce6fc397f6fab56cd0

SHA-256:
b79ce38b88e981e1c17347366130285801aaef40f37216439631ac6792684ea5

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/27/2024 8:47:35 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.JS.Crossrider.B
5762964

Agnitum Outpost
PUA.Toolbar.CrossRider
7.1.1

AhnLab V3 Security
PUP/Win32.CrossRider
2015.06.17

Avira AntiVirus
ADWARE/CrossRider.Gen7
8.3.1.6

avast!
Win32:Dropper-gen [Drp]
2014.9-150616

AVG
Crossrider
2016.0.3076

Dr.Web
infected with Trojan.Crossrider.46916
9.0.1.05190

ESET NOD32
Win32/Toolbar.CrossRider.CM potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/CrossRider
6/16/2015

G Data
Script.Application.Plush
15.6.25

K7 AntiVirus
Adware
13.205.16253

Malwarebytes
PUP.Optional.Sense.A
v2015.06.16.06

MicroWorld eScan
Gen:Application.Parj.1
16.0.0.501

Panda Antivirus
Trj/Genetic.gen
15.06.16.06

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Quick Heal
JS.Adware.CrossRider.A
6.15.14.00

Reason Heuristics
Threat.Win.Reputation.IMP
15.6.16.13

Rising Antivirus
PE:Malware.Adwapper!6.2201
23.00.65.15614

Trend Micro House Call
Suspici.33CA0397
7.2.167

Trend Micro
ADW_CROSSRIDER
10.465.16

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

Zillya! Antivirus
Trojan.BlackGen.Win32.11
2.0.0.2229

File size:
9.9 MB (10,416,600 bytes)

Copyright:
Copyright Sense+

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\sfnttxlhvepc.exe

File PE Metadata
Compilation timestamp:
12/4/2012 3:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:WEmJxEqgCq07L4QBnKTV/Kx9iersTH+0XpcaokaEJXsZwI6QFLcCRr:WTcTk4Vix8fH+Gc6a+Xvi

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.0.236:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to ec2-50-17-254-188.compute-1.amazonaws.com  (50.17.254.188:80)

Remove sfnttxlhvepc.exe - Powered by Reason Core Security