sms15.exe

Sailor Project

This potentially unwanted browser extension is built on and distributed through the free Crossrider platform, and delivers advertisements to the web browser in several formats, including banners, text hyperlinks, inline text and transitional ads. The application sms15.exe by Sailor Project has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from an Internet Explorer cache folder. The file has been observed being downloaded from cdn.airdlr6.com. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Sailor Project  (signed and verified)

Description:
Amdzznjcujzly

Version:
7.9.1.3

MD5:
cfb5cd59db214877c5262481de8085b6

SHA-1:
c4ac2b590af60fb62c0d6d354606de506abfb872

SHA-256:
9216a9bf32cb55e16d57dd6fc65d660d93b7499838c917a1c7a4c0a6f6b3cc93

Scanner detections:
5 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
11/5/2024 8:24:51 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Clam AntiVirus | Win.Adware.Agent-6597 | 0.98/21411 |
| IKARUS anti.virus | not-a-virus:WebToolbar.CrossRider | t3scan.1.6.1.0 |
| McAfee | Generic PUP.y | 5600.7054 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.SailorProject.F | 14.7.30.4 |

File size:
7.6 MB (8,000,216 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sms15.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
12/4/2012 1:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:uq3UQYWU2wUWFN+NPAXjRe86ptU5jmM7EgDLJ1PLN:oQJqUumwVelqZEa1Ph

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.9984  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The file sms15.exe has been seen being distributed by the following URL.
