wifi protector bi-nova.exe

Wifi Protector BI

Sailor Project

This potentially unwanted browser extension is built on and distributed through the free Crossrider platform, and delivers advertisements to the web browser in various formats such as banners, text hyperlinks, inline text and transitional ads. The application wifi protector bi-nova.exe, “Wifi Protector BI exe” by Sailor Project, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
WFprotect  (signed by Sailor Project)

Product:
Wifi Protector BI

Description:
Wifi Protector BI exe

Version:
1000.1000.1000.1000

MD5:
edaff95112758a2a2ca0df64c94df4ca

SHA-1:
c8bd0e928705f27d2943e73c7ef0b6c2640aaecc

SHA-256:
5452c1dab8b2b33457de86aa0e9fb9524e5ea24ab808f149b7c1c9fb09c0e1e7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 1:08:52 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Brightcircle.SailorPr (M)

Engine version:
16.5.2.22

File size:
630.4 KB (645,480 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Wifi Protector BI.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\wifi protector bi\wifi protector bi-nova.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 7:00:00 PM

Valid to:
7/18/2015 6:59:59 PM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/26/2014 5:05:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:Ae28ZeDCckgENmXdOJU++HWjdauKaepTNiZI9s:5ReDzTRVDayT869s

Entry address:
0x4A4FC

Entry point:
E8, 6C, DF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, 38, 48, 00, E8, EE, 4E, 00, 00, E8, 9A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, FF, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, C1, 67, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.3541

Code size:
450 KB (460,800 bytes)

Scheduled Task
Task name:
69191457-6f70-4cf4-a343-845a464699f6-7

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-50-63-202-54.ip.secureserver.net  (50.63.202.54:80)
