10335944-5c7f-411a-b958-8ba12aecb9b0-7.exe

CinemaPlus-3.2cV21.08

Digit Network (Extreme White Limited)

The application 10335944-5c7f-411a-b958-8ba12aecb9b0-7.exe, “CinemaPlus-3.2cV21.08 exe” by Digit Network (Extreme White Limited) has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV21.08  (signed by Digit Network (Extreme White Limited))

Product:
CinemaPlus-3.2cV21.08

Description:
CinemaPlus-3.2cV21.08 exe

Version:
1000.1000.1000.1000

MD5:
f0d109e5092bc090dd279215586850dc

SHA-1:
df7c14c6bf9ae0d32a36679a0d30f5989670deb0

SHA-256:
d3ae93278c453909eca63ff1bedde4188535830ecb33b06acf6644334921c412

Scanner detections:
21 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/24/2024 6:32:50 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.iv1@mmdrIijO
532

AhnLab V3 Security
PUP/Win32.CrossRider
2015.08.22

Avira AntiVirus
ADWARE/CrossRider.Gen7
8.3.1.6

Arcabit
Application.Heur.EEDCFE
1.0.0.425

AVG
Generic_r
2016.0.3010

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.15821

Bitdefender
Gen:Application.Heur.iv1@mmdrIijO
1.0.20.1165

Bkav FE
W32.HfsAdware
1.3.0.7133

Comodo Security
Application.Win32.CrossRider.CK
23057

Dr.Web
Trojan.Crossrider1.42770
9.0.1.0233

ESET NOD32
Win32/Toolbar.CrossRider.CD potentially unwanted (variant)
9.12130

F-Secure
Gen:Application.Heur.iv1@mmdrIijO
11.2015-21-08_6

G Data
Gen:Application.Heur.iv1@mmdrIijO
15.8.25

K7 AntiVirus
Unwanted-Program
13.2016968

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
14.0.0.1547

Malwarebytes
v2015.08.21.04

MicroWorld eScan
Gen:Application.Heur.iv1@mmdrIijO
16.0.0.699

Panda Antivirus
PUP/HQVideoPro
15.08.21.04

Reason Heuristics
Adware.Crossrider.ExtremeWhite (M)
15.8.21.16

Rising Antivirus
PE:Trojan.GoogUpdate!6.1E39[F1]
23.00.65.15819

SUPERAntiSpyware
Adware.CrossRider/Variant
9678

File size:
1.1 MB (1,187,408 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaPlus-3.2cV21.08.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinemaplus-3.2cv21.08\10335944-5c7f-411a-b958-8ba12aecb9b0-7.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/15/2015 1:00:00 AM

Valid to:
4/15/2016 12:59:59 AM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
8/20/2015 11:05:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:RyGm0XXRP7Pk5wmqUli8IZFxk7CfuNeD1gpU6LzpS9UNTSqK:RyGm0XXRP7Pk5wXUli8I5nfnDszpS9U+

Entry address:
0xA071B

Entry point:
E8, CE, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B...
 
[+]

Code size:
803.5 KB (822,784 bytes)

Scheduled Task
Task name:
10335944-5c7f-411a-b958-8ba12aecb9b0-7

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.192.34:80)

Remove 10335944-5c7f-411a-b958-8ba12aecb9b0-7.exe - Powered by Reason Core Security