AppRider

Category:	Adware and PUAs	Protection available since:	30 Jul 2012 22:52:45 (GMT)
Type:	Adware	Last Updated:	13 May 2013 07:05:41 (GMT)

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of AppRider include:

Example 1

File Information

Size: 771K
SHA-1: 000675fa73b4c76aaac0f1e2e4308493ffaad1ee
MD5: 6fa44a262870f39988ae85c2e36f65e2
CRC-32: b1c52989
File type: Windows executable
First seen: 2012-02-01

Runtime Analysis

Registry Keys Created

HKCU\Software\I Want This\Log
WriteHelperLogFile
0x00000000
HKCU\Software\I Want This
HelperRunningVersion
150

Example 2

File Information

Size: 1.9M
SHA-1: 00223a76b1c2c2b4cfe63e7989563ff3eaeb4421
MD5: 92a1668f51e5c56266d961c08968c5a8
CRC-32: 46e0a079
File type: Windows executable
First seen: 2012-10-02

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\inetc.dll
Size
21K
SHA-1
e0af8e418cbe2b2783b5de93279a3b5dcb73490e
MD5
4c01fdfd2b57b32046b3b3635a4f4df8
CRC-32
02851d38
File type
Windows executable
First seen
2011-09-15
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\closebrowsers.exe
Size
887K
SHA-1
b7065be10abdf54231538f5c18a29e68f3d707fc
MD5
895020abd41f241ca9f752942530152d
CRC-32
51a0ff62
File type
Windows executable
First seen
2012-10-03
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\StdUtils.dll
Size
14K
SHA-1
a8ba022aafc1233894db29e40e569dfc8b280eb9
MD5
21010df9bc37daffcc0b5ae190381d85
CRC-32
517acf9b
File type
Windows executable
First seen
2011-12-04
C:\Program Files\Deals Plugin\Deals Plugin.dll
Size
599K
SHA-1
cfa22b6c3476a44fb78a7c001d519a1972c7c064
MD5
ca2a85e237905809fddbf532fdf3fc31
CRC-32
c7d9ea72
File type
Windows executable
First seen
2012-10-03
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\md5dll.dll
Size
6.5K
SHA-1
bf7eba06020d7154ce4e35f696bec6e6c966287f
MD5
0745ff646f5af1f1cdd784c06f40fce9
CRC-32
506d6ab2
File type
Windows executable
First seen
2010-09-08
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\System.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\UserInfo.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\nsisos.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\4637_tmp
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\checkmachine.exe
Size
887K
SHA-1
b7065be10abdf54231538f5c18a29e68f3d707fc
MD5
895020abd41f241ca9f752942530152d
CRC-32
51a0ff62
File type
Windows executable
First seen
2012-10-03
c:\Documents and Settings\test user\Local Settings\Temp\Deals PluginInstaller_1349239081.log
Size
2.6K
SHA-1
039f16f01e08789a984c65ad4d8bd85375a49514
MD5
a4ced85f0bd3d9a425df93cd2cf88ca9
CRC-32
d87e72f7
File type
ASCII text / 8-bit Unicode Transformation Format
First seen
2012-10-03
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\text.txt
Size
1.3M
SHA-1
ba5cb638af66165de215e387070c7d9041f44c94
MD5
a2635d8a9cf8fe426abce48bf4c89bb9
CRC-32
d71b98dd
File type
Windows executable
First seen
2010-09-15
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\Dialer.dll
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\ExecDos.dll
Size
5.5K
SHA-1
17d13084e75cbfa5fbfdd0025e9a0ee5772ae765
MD5
ebcf9f71d804abab3c2e5ce4c17dc22e
CRC-32
7deaba56
File type
Windows executable
First seen
2011-04-20
C:\Program Files\Deals Plugin\Deals Plugin.ico
Size
9.5K
SHA-1
97519a95d047f8b393b0f52d586dba177b5b0c94
MD5
a96309f09deb3f2cd1f90eef14f71a9b
CRC-32
4f352336
File type
Unspecified binary - probably data
First seen
2012-09-21
c:\Documents and Settings\test user\Local Settings\Temp\nsk4.tmp\nsislog.dll
C:\Program Files\Deals Plugin\ButtonUtil.dll
Size
233K
SHA-1
b8ec78ed5077189effd86fce07367bd9f651a381
MD5
c6abc8cbfd5dc2102b43acab96e0b35c
CRC-32
a6d0b95b
File type
Windows executable
First seen
2012-10-03
C:\Program Files\Deals Plugin\Deals Plugin-bg.exe
Size
887K
SHA-1
b7065be10abdf54231538f5c18a29e68f3d707fc
MD5
895020abd41f241ca9f752942530152d
CRC-32
51a0ff62
File type
Windows executable
First seen
2012-10-03
C:\Program Files\Deals Plugin\Uninstall.exe
Size
619K
SHA-1
c869ae67da696eef4a0e88c0a9b19f3f06d5eb6f
MD5
594aa1b0e5c30f852f4687a16504d3b6
CRC-32
218a4611
File type
Windows executable
First seen
2012-10-03
C:\Program Files\Deals Plugin\Deals Plugin.ini
Size
158
SHA-1
30d6d311cc0b0df3e30db5ee5567d319d60a3252
MD5
abe4f3d4b270a0224a3fe31e14904e06
CRC-32
991c2d2a
File type
Configuration Data File (generic)
First seen
2012-09-21
C:\Program Files\Deals Plugin\Deals Plugin.exe
Size
887K
SHA-1
b7065be10abdf54231538f5c18a29e68f3d707fc
MD5
895020abd41f241ca9f752942530152d
CRC-32
51a0ff62
File type
Windows executable
First seen
2012-10-03

Registry Keys Created

HKCR\Interface\{66666666-6666-6666-6666-660066466637}\ProxyStubClsid
(Default)
{00020424-0000-0000-C000-000000000046}
HKCU\Software\Crossrider
215AppVerifier
3481b5584866d9d8e0cdf1414ee07653
HKCU\Software\Deals Plugin\Log
WriteBhoLogFile
0x00000000
HKCR\Interface\{66666666-6666-6666-6666-660066466637}
(Default)
ISandBox
HKCR\Interface\{55555555-5555-5555-5555-550055465537}\TypeLib
Version
1.0
HKCR\CLSID\{11111111-1111-1111-1111-110011461137}\TypeLib
(Default)
{44444444-4444-4444-4444-440044464437}
HKCR\Interface\{66666666-6666-6666-6666-660066466637}\TypeLib
Version
1.0
HKCR\TypeLib\{44444444-4444-4444-4444-440044464437}\1.0
(Default)
CrossriderApp0004637 Type Library
HKCR\TypeLib\{44444444-4444-4444-4444-440044464437}\1.0\FLAGS
(Default)
HKCU\Software\Deals Plugin
ActiveAppId
HKCR\CLSID\{22222222-2222-2222-2222-220022462237}\TypeLib
(Default)
{44444444-4444-4444-4444-440044464437}
HKCR\Interface\{55555555-5555-5555-5555-550055465537}\ProxyStubClsid
(Default)
{00020424-0000-0000-C000-000000000046}
HKCR\CLSID\{22222222-2222-2222-2222-220022462237}
(Default)
CrossriderApp0004637.Sandbox
HKCR\TypeLib\{44444444-4444-4444-4444-440044464437}\1.0\HELPDIR
(Default)
C:\Program Files\Deals Plugin
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011461137}
NoExplorer
0x00000001
HKCR\CLSID\{11111111-1111-1111-1111-110011461137}
(Default)
Deals Plugin
HKCR\TypeLib\{44444444-4444-4444-4444-440044464437}\1.0\0\win32
(Default)
C:\Program Files\Deals Plugin\Deals Plugin.dll
HKCR\CLSID\{11111111-1111-1111-1111-110011461137}\InprocServer32
ThreadingModel
Apartment
HKCR\CrossriderApp0004637.BHO\CLSID
(Default)
{11111111-1111-1111-1111-110011461137}
HKCR\Interface\{55555555-5555-5555-5555-550055465537}
(Default)
ICrossriderBHO
HKCR\CrossriderApp0004637.BHO.1\CLSID
(Default)
{11111111-1111-1111-1111-110011461137}
HKCR\Interface\{66666666-6666-6666-6666-660066466637}\ProxyStubClsid32
(Default)
{00020424-0000-0000-C000-000000000046}
HKCR\CrossriderApp0004637.Sandbox\CurVer
(Default)
CrossriderApp0004637.Sandbox
HKCR\CrossriderApp0004637.Sandbox\CLSID
(Default)
{22222222-2222-2222-2222-220022462237}
HKCR\CLSID\{22222222-2222-2222-2222-220022462237}\VersionIndependentProgID
(Default)
CrossriderApp0004637.Sandbox
HKCR\CrossriderApp0004637.BHO.1
(Default)
CrossriderApp0004637
HKCR\CrossriderApp0004637.Sandbox.1
(Default)
CrossriderApp0004637.Sandbox
HKCR\CLSID\{11111111-1111-1111-1111-110011461137}\VersionIndependentProgID
(Default)
CrossriderApp0004637
HKCR\CrossriderApp0004637.BHO
(Default)
CrossriderApp0004637
HKCR\CrossriderApp0004637.BHO\CurVer
(Default)
CrossriderApp0004637
HKCR\Interface\{55555555-5555-5555-5555-550055465537}\ProxyStubClsid32
(Default)
{00020424-0000-0000-C000-000000000046}
HKCR\CLSID\{11111111-1111-1111-1111-110011461137}\ProgID
(Default)
CrossriderApp0004637.BHO.1
HKCR\CLSID\{22222222-2222-2222-2222-220022462237}\ProgID
(Default)
CrossriderApp0004637.Sandbox.1
HKCR\CLSID\{22222222-2222-2222-2222-220022462237}\InprocServer32
ThreadingModel
Apartment
HKCR\CrossriderApp0004637.Sandbox
(Default)
CrossriderApp0004637.Sandbox
HKCR\CrossriderApp0004637.Sandbox.1\CLSID
(Default)
{22222222-2222-2222-2222-220022462237}

Processes Created

c:\docume~1\support\locals~1\temp\nsk4.tmp\checkmachine.exe
c:\docume~1\support\locals~1\temp\nsk4.tmp\closebrowsers.exe
c:\windows\system32\regsvr32.exe

HTTP Requests

http://stats.crossrider.com/installer.gif
http://www.install-trk.com/installer-run/46769111EE1D4C01B903A9206F61322DIE/3481b5584866d9d8e0cdf1414ee07653/xriderexe/1348467910/

DNS Requests

stats.crossrider.com
www.install-trk.com

Example 3

File Information

Size: 329K
SHA-1: 00294a9c8f83cedd66a774b9f9fb6e4108792923
MD5: 8a70b28969276a99f0bd07301ca4c6b7
CRC-32: d57dbaf3
File type: Windows executable
First seen: 2012-02-13

Runtime Analysis

Registry Keys Created

HKCU\Software\I Want This
HelperRunningVersion
147

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

AppRider

Example 1

File Information

Runtime Analysis

Registry Keys Created

Example 2

File Information

Runtime Analysis

Dropped Files

Registry Keys Created

Processes Created

HTTP Requests

DNS Requests

Example 3

File Information

Runtime Analysis

Registry Keys Created

Free Mac Anti-Virus

Popular topics