smartsaver-3.exe

Chdxwoiigw

Odnntosupq

The application smartsaver-3.exe has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d3ijsb1ryk5jd8.cloudfront.net and multiple other hosts.
Publisher:
Odnntosupq

Product:
Chdxwoiigw

Description:
Jwbokhmx

Version:
11.13.6.3

MD5:
31b18c89e1985a742ce9d4693ad45186

SHA-1:
883548d93b4e0104031c1f659365fc85db300a77

SHA-256:
6d31058b1842adf4ca468fef45fae7004a8c36f0f9e418716ba5fc0a11fdd40a

Scanner detections:
8 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/24/2024 1:27:14 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140531 |
| Dr.Web | Trojan.Crossrider.18024 | 9.0.1.0151 |
| ESET NOD32 | Win32/Packed.ScrambleWrapper (variant) | 8.9851 |
| Fortinet FortiGate | PossibleThreat | 5/31/2014 |
| Malwarebytes | PUP.Optional.ScramblePacker.A | v2014.05.31.02 |
| McAfee | Artemis!31B18C89E198 | 5600.7113 |
| Reason Heuristics | PUP.Downloader.Odnntosupq.M | 14.5.31.14 |
| Trend Micro House Call | TROJ_GEN.F47V0522 | 7.2.151 |

File size:
7.4 MB (7,786,096 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\smartsaver-3.exe

File PE Metadata
Compilation timestamp:
12/4/2012 2:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:DZgYpoEBDJPm1ENGKOe5sPkbViG9ZUrMEExS+TPAwYxZYmsxL:FRhRm2/NyPQVigZU4++DARjYlL

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Code size:
34.5 KB (35,328 bytes)

The file smartsaver-3.exe has been seen being distributed by the following 3 URLs.
