» super radio-codedownloader.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (2)

super radio-codedownloader.exe

Super Radio

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application super radio-codedownloader.exe by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 39 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Super Radio by BrightCircle Investments Limited which is a potentially unwanted software program. Built using the Crossrider web brower toolkit the CodeDownloader component will automatically connnect to the remote API server and download additional code/components for Buca Apps extension/toolbar. The component makes a number of requests to the host app-static.crossrider.com/plugins/.../monetization/monetizationLoader.js. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Buca Apps (signed by BadFinger Project (BrightCircle Investments Limited))

Product:

Super Radio

Description:

Super Radio exe

Version:

1000.1000.1000.1000

MD5:

7adc880ee62d08febd2a7d51e5756282

SHA-1:

257669513a7a183d6ff078945ff9e76b9e56b226

SHA-256:

c5c5274afd84092a612daee56678a35fdc1f61adec9d99ce6a527e40bcdbe07b

Scanner detections:

39 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is BadFinger Project (BrightCircle Investments Limited).

Analysis date:

11/2/2024 1:36:08 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.bv1@kmrZd3hO

6155792

AegisLab AV Signature

AdWare.MSIL.DomaIQ

2.1.4+

AhnLab V3 Security

PUP/Win32.CrossRider

2014.12.17

Avira AntiVirus

ADWARE/CrossRider.Gen4

7.11.196.52

avast!

Win32:Crossrider-AH [PUP]

2014.9-141218

AVG

Generic

2015.0.3258

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141216

Bitdefender

Gen:Application.Heur.bv1@kmrZd3hO

1.0.20.1750

Clam AntiVirus

Win.Adware.Agent-12356

0.98/21411

Comodo Security

ApplicUnwnt

19788

Dr.Web

Trojan.Crossrider.47409

9.0.1.0352

Emsisoft Anti-Malware

Gen:Application.Heur.bv1@kmrZd3hO

9.0.0.4668

ESET NOD32

Win32/Toolbar.CrossRider.BM potentially unwanted application

7.0.302.0

Fortinet FortiGate

Adware/Adwapper

12/18/2014

F-Prot

W32/S-9ad4719b

v6.4.7.1.166

F-Secure

Riskware.Gen:Application.Heur.bv1@kmrZd3hO

5.13.68

G Data

Gen:Application.Heur.bv1@kmrZd3hO

14.12.24

IKARUS anti.virus

Trojan.GoogUpdate

t3scan.1.8.5.0

K7 AntiVirus

Unwanted-Program

13.188.14354

Kaspersky

not-a-virus:AdWare.NSIS.Adwapper

15.0.0.543

Malwarebytes

PUP.Optional.iWebar.A

v2014.12.18.03

McAfee

Trojan.Artemis!7ADC880EE62D

16.8.708.2

Microsoft Security Essentials

Threat.Undefined

1.187.339.0

MicroWorld eScan

Gen:Application.Heur.bv1@kmrZd3hO

15.0.0.1050

NANO AntiVirus

Trojan.Win32.Crossrider.deanvm

0.28.2.61942

Norman

Gen:Application.Heur.bv1@kmrZd3hO

04.12.2014 14:30:06

nProtect

Adware.Agent.OMI

14.10.12.01

Panda Antivirus

Trj/Genetic.gen

14.12.16.07

Qihoo 360 Security

Win32/Virus.Adware.de5

1.0.0.1015

Quick Heal

AdWare.NSIS.r5 (Not a Virus)

12.14.14.00

Reason Heuristics

Adware.Crossrider.Task.Brightcircle

15.3.1.16

Rising Antivirus

PE:Trojan.Win32.Generic.175C6496!391931030

23.00.65.141216

Sophos

PUA 'AppRider' (of type Adware)

SUPERAntiSpyware

Adware.Crossrider/Variant

10170

Trend Micro House Call

TROJ_GEN.F0C2H00IC14

7.2.352

Trend Micro

PE_SALITY.ER

10.465.18

Vba32 AntiVirus

Trojan.GoogUpdate

3.12.26.3

VIPRE Antivirus

Threat.4789396

35418

Zillya! Antivirus

Trojan.GoogUpdate.Win32.72

2.0.0.1924

File size:

1 MB (1,068,512 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Super Radio.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\super radio\super radio-codedownloader.exe

Digital Signature

Signed by:

BadFinger Project (BrightCircle Investments Limited)

Authority:

COMODO CA Limited

Valid from:

11/17/2014 12:00:00 AM

Valid to:

11/17/2015 11:59:59 PM

Subject:

CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata

Compilation timestamp:

12/15/2014 11:04:53 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:axcvbEnFKx/kSHRAj0Zeqdd1togpS4k1TMsz:aEbisVA2ergpS4k1Th

Entry address:

0x9A7D2

Entry point:

E8, CF, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03, 00... 
[+]

Code size:

757.5 KB (775,680 bytes)

Scheduled Task

Task name:

7eca1cd8-2a95-4759-9c0f-ae713062040a-1

Trigger:

Logon (Runs on logon)

The file super radio-codedownloader.exe has been discovered within the following programs.

Super Radio by BrightCircle Investments Limited

Super Radio from BadFinger Project (BrightCircle) is an adware app for the browser that uses the Crossrider framework to distribute ads in the browser.

80% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ip-50-63-202-32.ip.secureserver.net (50.63.202.32:80)

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (54.231.120.185:80)

Remove super radio-codedownloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.