Sara Kodama Project - 33% Detection Rate *

Did you just find a download or a file on your computer that is digitally signed by Sara Kodama Project? Some of the security products refers to the detected files as Crossrider (fs) and Generic.C04. The detection rate for the Sara Kodama Project files collected here is 33%. Please read on for more details.

You'll probably notice Sara Kodama Project when double-clicking to run the file. The publisher name is then displayed as the "Verified publisher" in the UAC dialog as the screenshot shows:

Screenshot where Sara Kodama Project appears as the verified publisher in the UAC dialog

You can also view the Sara Kodama Project certificate with the following steps:

  1. Open up Windows Explorer and locate the Sara Kodama Project file
  2. Right-click on the file and select Properties
  3. Click on the Digital Signatures tab
  4. Click on the View Certificate button

Here is a screenshot of a file signed by Sara Kodama Project:

Screenshot of the Sara Kodama Project certificate

As you can see in the screencap above, the Windows OS reports that "This digital signature is OK". This means that the file has been published by Sara Kodama Project and that no one has tampered with the file.

If you click the View Certificate button shown in the screenshot above, you can see all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, etc. You can also see the address for Sara Kodama Project, such as the street name, city and country.

COMODO Code Signing CA 2 has issued the Sara Kodama Project certificates. You can also examine the details of the issuer by clicking the View Certificate button shown in the screengrab above.

Sara Kodama Project Files

The following are the Sara Kodama Project files I've collected, thanks to the FreeFixer users.

Detection RatioFile Name
11/54Sense-bho.dll
5/54Sense-bho64.dll
10/54enterprise 1.1-bho.dll
13/55App Lid-bho.dll
13/55Object Browser-bho64.dll
10/54Object Browser-bho.dll
9/55winservice86-bho64.dll
22/55winservice86-codedownloader.exe
11/55App Lid-bho.dll
24/5450d4aed4-2aaa-454f-abde-2027603ed4ce-11.exe
33/560558b24b-0287-4d4b-8759-c66788612108.exe
18/558880b840-841e-448a-b282-e633e8df8401.exe
21/56a5e63233-bead-40fe-80f4-f7e727ff5a13-4.exe

Scanner and Detection Names

Here is the detection names for the Sara Kodama Project files. I have grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

ScannerDetection Names
AVGGeneric.C04
AVwareCrossrider (fs)
Ad-AwareGen:Variant.Adware.Plush.1, Gen:Application.Heur.xu1@ky6h38lO
AhnLab-V3PUP/Win32.CrossRider
Antiy-AVLTrojan/NSIS.GoogUpdate.dx, GrayWare[AdWare:not-a-virus]/NSIS.Adwapper
AvastWin32:Crossrider-AI [PUP], Win32:Crossrider-AP [PUP]
AviraADWARE/CrossRider.Gen, ADWARE/CrossRider.Gen4, ADWARE/CrossRider.Gen7, ADWARE/CrossRider.Gen2
Baidu-InternationalPUA.Win32.CrossRider.BBA, PUA.Win32.CrossRider.bBA, PUA.Win32.CrossRider.BAY, PUA.Win32.CrossRider.bAX, PUA.Win32.CrossRider.bBC, PUA.Win32.CrossRider.bAS
BitDefenderGen:Variant.Adware.Plush.1, Gen:Application.Heur.xu1@ky6h38lO
BkavW32.KryptikRogueB.Trojan
ComodoApplication.Win32.Plush.GRI, ApplicUnwnt
DrWebDLOADER.Trojan, Trojan.Crossrider.38763, Trojan.Crossrider.39252, Trojan.Crossrider.39657, Trojan.Crossrider.38762, Trojan.Crossrider.39507
ESET-NOD32a variant of Win32/Toolbar.CrossRider.BA, a variant of Win64/Toolbar.Crossrider.J, a variant of Win32/Toolbar.CrossRider.AY, a variant of Win32/Toolbar.CrossRider.AX, a variant of Win32/Toolbar.CrossRider.BC, a variant of Win32/Toolbar.CrossRider.AS
EmsisoftGen:Variant.Adware.Plush.1 (B)
F-ProtW32/A-ee826839!Eldorado, W32/A-73a7935c!Eldorado, W32/A-9db4148a!Eldorado
F-SecureGen:Variant.Adware.Plush.1, Gen:Application.Heur.xu1@ky6h38lO
FortinetW32/GoogUpdate.AY!tr, W32/GoogUpdate.BC!tr, W32/GoogUpdate.AS!tr, W32/GoogUpdate.AX!tr
GDataWin32.Adware.Crossrider.R, Gen:Variant.Adware.Plush.1, Gen:Application.Heur.xu1@ky6h38lO, MSIL.Adware.Crossrider.X
IkarusTrojan.GoogUpdate, PUA.Toolbar.CrossRider
K7AntiVirusTrojan ( 004a9f481 ), Unwanted-Program ( 0040f9861 )
K7GWTrojan ( 004a9f481 ), Unwanted-Program ( 0040f9861 )
KasperskyTrojan.NSIS.GoogUpdate.dx, Trojan.Win32.GoogUpdate.zwu
MalwarebytesPUP.Optional.Sense.A, PUP.Optional.Enterprise.A, PUP.Optional.AppLid.A, PUP.Optional.ObjectBrowser.A, PUP.Optional.WinService.A
McAfeePUP-FDU, Artemis!A93DDEBE7A35, Artemis!D2106973F1CA, Artemis!3D32FF44E0EC, Artemis!85ED748AE628, Artemis!DCE66271DC10
McAfee-GW-EditionPUP-FDU, Artemis, BehavesLike.Win32.PUP.th, Artemis!PUP
MicroWorld-eScanGen:Variant.Adware.Plush.1, Gen:Application.Heur.xu1@ky6h38lO
NANO-AntivirusTrojan.Win32.GoogUpdate.dinumy, Riskware.Win32.Crossrider.diwzfo, Trojan.Win32.GoogUpdate.diragy, Trojan.Win32.GoogUpdate.divqdy
PandaTrj/Genetic.gen, Trj/Chgt.K
Qihoo-360HEUR/QVM30.1.Malware.Gen, Win32/Virus.Adware.de5, Win32/Virus.Adware.a87, HEUR/QVM10.1.Malware.Gen, HEUR/QVM03.0.Malware.Gen
RisingPE:Malware.Obscure!1.9C59, PE:Trojan.Win32.Generic.17A158C5!396449989
SophosGeneric PUA DJ, Generic PUA PB, Generic PUA GO
SymantecAdware.Crossid, WS.Reputation.1, PUA.Gen.2
TencentNsis.Trojan.Googupdate.Wtni, Nsis.Trojan.Googupdate.Pepc, Nsis.Trojan.Googupdate.Wnlo, Nsis.Trojan.Googupdate.Lqfd, Nsis.Trojan.Googupdate.Lkxm, Nsis.Trojan.Googupdate.Ecun, Nsis.Trojan.Googupdate.Wweg, Nsis.Trojan.Googupdate.Wrqf
TrendMicroTROJ_SPNV.03KF14
TrendMicro-HouseCallSuspicious_GEN.F47V1114, TROJ_SPNV.03KF14
VBA32AdWare.Adwapper
VIPRECrossrider (fs)
ZillyaTrojan.GoogUpdate.Win32.4471

* How the Detection Percentage is Calculated

The detection percentage is based on that I've collected 1045 scan results for the Sara Kodama Project files. 345 of these scan reports came up with some sort of detection. If you like, you can view the full details of the scan results by examining the files listed above.

Analysis Details

The analysis is based on certificates with the following serial numbers:

Comments

No comments posted yet.

Leave a reply