Savings App Pro.dll

Savings App Pro

Amazing Apps

This web browser extension uses the Crossrider toolbar creation and distribution platform. The module Savings App Pro.dll, “Savings App Pro BHO” by Amazing Apps, has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘CrossriderApp0009429’.
Publisher:
215 Apps (signed by Amazing Apps)

Product:
Savings App Pro

Description:
Savings App Pro BHO

Version:
1.1.149.13

MD5:
d37e8504db7bddf5bd0e989a7cf769d7

SHA-1:
9fa5f3a450e17dc18e3fafb6bb62f218c2cd0265

SHA-256:
e52dec61b4ce2405d27b0abcb2dbe51922f214f2e4f027574952a773dca533ab

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/17/2024 5:15:36 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.50OnRed (M)

Engine version:
16.12.14.13

File size:
520.4 KB (532,864 bytes)

Product version:
1.1.149.13

Copyright:
Copyright 2011

Original file name:
Savings App Pro.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\savings app pro\savings app pro.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
4/30/2012 7:00:00 PM

Valid to:
5/1/2013 6:59:59 PM

Subject:
CN=Amazing Apps, O=Amazing Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2E307885017928B61D4F2CEF5EB10A05

Registration
CLSIDs:
{11111111-1111-1111-1111-110011941129}, {22222222-2222-2222-2222-220022942229}, {33333333-3333-3333-3333-330033943329}

ProgIDs:
CrossriderApp0009429.BHO.1, CrossriderApp0009429.Sandbox.1, CrossriderApp0009429.FBApi.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
5/22/2012 12:05:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x2F087

Entropy:
6.6073

Code size:
366.5 KB (375,296 bytes)

Internet Explorer BHO
Display name:
CrossriderApp0009429

CLSID:
{11111111-1111-1111-1111-110011941129}

CLSID name:
Savings App Pro
