signor sconto-buttonutil64.exe

Signor Sconto

Mein Gutscheincode GmbH

The application signor sconto-buttonutil64.exe, “Signor Sconto exe” by Mein Gutscheincode GmbH has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Mein Gutscheincode GmbH  (signed and verified)

Product:
Signor Sconto

Description:
Signor Sconto exe

Version:
1000.1000.1000.1000

MD5:
2da26863d7025df6ec4882c63ca9f79a

SHA-1:
8745862a872ee5c82520e54d7f16eb0e32ac6bb3

SHA-256:
33b6cfaa5bae46354afbef5c182004cdeb9949e2e023580a0ab3089ea76612d4

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install new code and Javascript updates for the extension.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Mein Gutscheincode GmbH.

Analysis date:
12/24/2024 11:56:12 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Crossrider.MeinGuts (M)
16.7.15.3

File size:
435.1 KB (445,576 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Signor Sconto.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\signor sconto\signor sconto-buttonutil64.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/25/2013 1:00:00 AM

Valid to:
3/26/2015 12:59:59 AM

Subject:
CN=Mein Gutscheincode GmbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mein Gutscheincode GmbH, L=Berlin, S=Berlin, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6DC967C1E9C4DBE86E88DB14D51147D4

File PE Metadata
Compilation timestamp:
8/12/2013 11:46:43 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:vsDw3GMZ0yKDzfFk0C2q+TKdGmvOn+UKc439e4+mkT5l8sX62ZShLRrtKecnKCTO:0Dw3GD/9gd0uBX3efYhNLCT4IkD

Entry address:
0x304B8

Entry point:
48, 83, EC, 28, E8, 7F, B3, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 40, 55, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 50, 48, 8D, 6C, 24, 40, 48, 89, 5D, 40, 48, 89, 75, 48, 48, 89, 7D, 50, 48, 8B, 05, FE, 72, 03, 00, 48, 33, C5, 48, 89, 45, 08, 8B, 5D, 60, 33, FF, 4D, 8B, F1, 45, 8B, F8, 89, 55, 00, 85, DB, 7E, 2A, 44, 8B, D3, 49, 8B, C1, 41, FF, CA, 40, 38, 38, 74, 0C, 48, FF, C0, 45, 85, D2, 75, F0, 41, 83, CA, FF, 8B, C3, 41, 2B, C2, FF, C8, 3B, C3, 8D, 58, 01, 7C, 02, 8B, D8, 44, 8B, 65...
 
[+]

Code size:
290.5 KB (297,472 bytes)

Remove signor sconto-buttonutil64.exe - Powered by Reason Core Security