10335944-5c7f-411a-b958-8ba12aecb9b0-11.exe

CinemaPlus-3.2cV21.08

Digit Network (Extreme White Limited)

The application 10335944-5c7f-411a-b958-8ba12aecb9b0-11.exe, “CinemaPlus-3.2cV21.08 exe” by Digit Network (Extreme White Limited) has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV21.08  (signed by Digit Network (Extreme White Limited))

Product:
CinemaPlus-3.2cV21.08

Description:
CinemaPlus-3.2cV21.08 exe

Version:
1000.1000.1000.1000

MD5:
f6267cb418628d9a73997ddc67e3f190

SHA-1:
50386bd88554f30f886e3b6642d68e2a3bbabec8

SHA-256:
f2c5b680b59e0542d342bab7407baa84b0c12ec79fe88d54ee54f05a8507f5b7

Scanner detections:
21 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/16/2024 1:00:32 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.tv1@mau!P0hO
532

AhnLab V3 Security
PUP/Win32.CrossRider
2015.08.22

Avira AntiVirus
ADWARE/CrossRider.Gen7
8.3.1.6

Arcabit
Application.Heur.E17EAB
1.0.0.425

AVG
Crossrider_r
2016.0.3010

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.15821

Bitdefender
Gen:Application.Heur.tv1@mau!P0hO
1.0.20.1165

Bkav FE
W32.HfsAdware
1.3.0.7133

Comodo Security
Application.Win32.CrossRider.AQQ
23057

Dr.Web
Trojan.Crossrider1.42770
9.0.1.0233

ESET NOD32
Win32/Toolbar.CrossRider.CH potentially unwanted (variant)
9.12130

F-Secure
Gen:Application.Heur.tv1@mau!P0hO
11.2015-21-08_6

G Data
Gen:Application.Heur.tv1@mau!P0hO
15.8.25

K7 AntiVirus
Unwanted-Program
13.2016968

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
14.0.0.1547

Malwarebytes
v2015.08.21.04

McAfee
PUP-FNR
5600.6666

MicroWorld eScan
Gen:Application.Heur.tv1@mau!P0hO
16.0.0.699

Panda Antivirus
PUP/HQVideoPro
15.08.21.04

Reason Heuristics
Adware.Crossrider.ExtremeWhite (M)
15.8.21.16

SUPERAntiSpyware
Adware.CrossRider/Variant
9678

File size:
1.3 MB (1,374,288 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaPlus-3.2cV21.08.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinemaplus-3.2cv21.08\10335944-5c7f-411a-b958-8ba12aecb9b0-11.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/15/2015 1:00:00 AM

Valid to:
4/15/2016 12:59:59 AM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
8/20/2015 11:05:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Xj+qcXfq2jrFEwMxTtQPxxSz0cEakbf8Wcqd+ERfnNpSJ4TH:XjIX5ZMxT64z0cAfFPNpSJ4TH

Entry address:
0xC96E4

Entry point:
E8, 66, E4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 99, E5, 00, 00, 3B, 30, 7C, 07, E8, 90, E5, 00, 00, 8B, 30, E8, 83, E5, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, C0, 43, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 90, 8F, 52, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 69, 2D, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 90, 8F, 52, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 3B, D2...
 
[+]

Code size:
949 KB (971,776 bytes)

Scheduled Task
Task name:
10335944-5c7f-411a-b958-8ba12aecb9b0-11

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.1.66:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

Remove 10335944-5c7f-411a-b958-8ba12aecb9b0-11.exe - Powered by Reason Core Security