super radio-codedownloader.exe

Super Radio

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application super radio-codedownloader.exe by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 39 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program Super Radio by BrightCircle Investments Limited, which is a potentially unwanted software program. Built using the Crossrider web browser toolkit, the CodeDownloader component will automatically connect to the remote API server and download additional code/components for the Buca Apps extension/toolbar. The component makes a number of requests to the host app-static.crossrider.com/plugins/.../monetization/monetizationLoader.js. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Buca Apps  (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
Super Radio

Description:
Super Radio exe

Version:
1000.1000.1000.1000

MD5:
7adc880ee62d08febd2a7d51e5756282

SHA-1:
257669513a7a183d6ff078945ff9e76b9e56b226

SHA-256:
c5c5274afd84092a612daee56678a35fdc1f61adec9d99ce6a527e40bcdbe07b

Scanner detections:
39 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is BadFinger Project (BrightCircle Investments Limited).

Analysis date:
11/23/2024 4:42:27 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.bv1@kmrZd3hO
6155792

AegisLab AV Signature
AdWare.MSIL.DomaIQ
2.1.4+

AhnLab V3 Security
PUP/Win32.CrossRider
2014.12.17

Avira AntiVirus
ADWARE/CrossRider.Gen4
7.11.196.52

avast!
Win32:Crossrider-AH [PUP]
2014.9-141218

AVG
Generic
2015.0.3258

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.141216

Bitdefender
Gen:Application.Heur.bv1@kmrZd3hO
1.0.20.1750

Clam AntiVirus
Win.Adware.Agent-12356
0.98/21411

Comodo Security
ApplicUnwnt
19788

Dr.Web
Trojan.Crossrider.47409
9.0.1.0352

Emsisoft Anti-Malware
Gen:Application.Heur.bv1@kmrZd3hO
9.0.0.4668

ESET NOD32
Win32/Toolbar.CrossRider.BM potentially unwanted application
7.0.302.0

Fortinet FortiGate
Adware/Adwapper
12/18/2014

F-Prot
W32/S-9ad4719b
v6.4.7.1.166

F-Secure
Riskware.Gen:Application.Heur.bv1@kmrZd3hO
5.13.68

G Data
Gen:Application.Heur.bv1@kmrZd3hO
14.12.24

IKARUS anti.virus
Trojan.GoogUpdate
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.188.14354

Kaspersky
not-a-virus:AdWare.NSIS.Adwapper
15.0.0.543

Malwarebytes
PUP.Optional.iWebar.A
v2014.12.18.03

McAfee
Trojan.Artemis!7ADC880EE62D
16.8.708.2

Microsoft Security Essentials
Threat.Undefined
1.187.339.0

MicroWorld eScan
Gen:Application.Heur.bv1@kmrZd3hO
15.0.0.1050

NANO AntiVirus
Trojan.Win32.Crossrider.deanvm
0.28.2.61942

Norman
Gen:Application.Heur.bv1@kmrZd3hO
04.12.2014 14:30:06

nProtect
Adware.Agent.OMI
14.10.12.01

Panda Antivirus
Trj/Genetic.gen
14.12.16.07

Qihoo 360 Security
Win32/Virus.Adware.de5
1.0.0.1015

Quick Heal
AdWare.NSIS.r5 (Not a Virus)
12.14.14.00

Reason Heuristics
Adware.Crossrider.Task.Brightcircle
15.3.1.16

Rising Antivirus
PE:Trojan.Win32.Generic.175C6496!391931030
23.00.65.141216

Sophos
PUA 'AppRider' (of type Adware)
59

SUPERAntiSpyware
Adware.Crossrider/Variant
10170

Trend Micro House Call
TROJ_GEN.F0C2H00IC14
7.2.352

Trend Micro
PE_SALITY.ER
10.465.18

Vba32 AntiVirus
Trojan.GoogUpdate
3.12.26.3

VIPRE Antivirus
Threat.4789396
35418

Zillya! Antivirus
Trojan.GoogUpdate.Win32.72
2.0.0.1924

File size:
1 MB (1,068,512 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Super Radio.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\super radio\super radio-codedownloader.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 12:00:00 AM

Valid to:
11/17/2015 11:59:59 PM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/15/2014 11:04:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:axcvbEnFKx/kSHRAj0Zeqdd1togpS4k1TMsz:aEbisVA2ergpS4k1Th

Entry address:
0x9A7D2

Entry point:
E8, CF, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03, 00...
 

Code size:
757.5 KB (775,680 bytes)

Scheduled Task
Task name:
7eca1cd8-2a95-4759-9c0f-ae713062040a-1

Trigger:
Logon (Runs on logon)


The file super radio-codedownloader.exe has been discovered within the following programs.

Super Radio  by BrightCircle Investments Limited
Super Radio from BadFinger Project (BrightCircle) is an adware app for the browser that uses the Crossrider framework to distribute ads in the browser.
80% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-50-63-202-32.ip.secureserver.net  (50.63.202.32:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.120.185:80)
