1975.exe

CinemaPlus-3.2cV26.05

Digit Network (Extreme White Limited)

The application 1975.exe, “CinemaPlus-3.2cV26.05 exe” by Digit Network (Extreme White Limited), has been detected as adware by 19 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory. While running, it connects to the Internet address lb-212-222.above.com on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV26.05 (signed by Digit Network (Extreme White Limited))

Product:
CinemaPlus-3.2cV26.05

Description:
CinemaPlus-3.2cV26.05 exe

Version:
1000.1000.1000.1000

MD5:
f6450274b2333a0cb482aeea3b8c13e9

SHA-1:
6e74b427737d3037af1d16997a903d68f393df97

SHA-256:
512aa5d73c59fb12f1f3d1811dc188651a59297d4bf7440023df01c36851ccdb

Scanner detections:
19 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/14/2024 8:47:47 PM UTC

Scan engine           Detection                                                     Engine version
Lavasoft Ad-Aware     Gen:Variant.Graftor.188636                                    5558769
AhnLab V3 Security    PUP/Win32.CrossRider                                          2015.05.27
Avira AntiVirus       ADWARE/CrossRider.Gen7                                        8.3.1.6
avast!                Win32:Adware-CMH [PUP]                                        150525-2
AVG                   Crossrider                                                    2016.0.3097
Baidu Antivirus       Adware.Win32.CrossAd                                          4.0.3.15526
Bitdefender           Gen:Variant.Graftor.188636                                    1.0.20.730
Bkav FE               W32.HfsAdware                                                 1.3.0.6379
Dr.Web                Trojan.Crossrider1.32536                                      9.0.1.0149
Emsisoft Anti-Malware Gen:Variant.Graftor.188636                                    15.05.26
ESET NOD32            Win32/Toolbar.CrossRider.CO potentially unwanted application  7.0.302.0
F-Secure              Gen:Variant.Graftor.188636                                    5.14.151
G Data                Gen:Variant.Graftor.188636                                    15.5.25
Malwarebytes                                                                        v2015.05.26.04
MicroWorld eScan      Gen:Variant.Graftor.188636                                    16.0.0.438
Panda Antivirus       Generic Suspicious                                            15.05.26.04
Reason Heuristics     PUP.ExtremeWhite.DigitNetworkExtremeWhiteLimited              15.5.26.16
Sophos                PUA 'AppRider' (of type Adware)                               5.14
SUPERAntiSpyware      PUP.CrossRider/Variant                                        9852

File size:
1.5 MB (1,566,288 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaPlus-3.2cV26.05.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\1975.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/14/2015 9:00:00 PM

Valid to:
4/14/2016 8:59:59 PM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
5/26/2015 10:05:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Js13zctDX3c+ncxEyQuwk6TrI79MPjP+J0R0TKpSajoqfMM0faBALNSYqUmg0:JhMsuwLr1b+J60TKpSas3M0faBALNSYS

Entry address:
0xC860D

Entry point:
E8, 53, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, 09, 55, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, D1, 54, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, 09, 55, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...

Code size:
979.5 KB (1,003,008 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-174-107.gru50.r.cloudfront.net  (52.84.174.107:80)

TCP (HTTP):
Connects to lb-212-222.above.com  (103.224.212.222:80)

TCP (HTTP):
Connects to server-54-230-206-167.atl50.r.cloudfront.net  (54.230.206.167:80)

TCP (HTTP):
Connects to server-54-230-206-223.atl50.r.cloudfront.net  (54.230.206.223:80)

TCP (HTTP):
Connects to server-54-192-59-6.gru1.r.cloudfront.net  (54.192.59.6:80)

TCP (HTTP):
Connects to ip-70.32.1.32.hosted.by.gigenet.com  (70.32.1.32:80)

TCP (HTTP):
Connects to server-54-230-206-8.atl50.r.cloudfront.net  (54.230.206.8:80)

TCP (HTTP):
Connects to server-52-84-174-64.gru50.r.cloudfront.net  (52.84.174.64:80)

TCP (HTTP):
Connects to server-52-84-174-243.gru50.r.cloudfront.net  (52.84.174.243:80)

TCP (HTTP):
Connects to ip-50-63-202-62.ip.secureserver.net  (50.63.202.62:80)

TCP (HTTP):
Connects to ec2-54-225-212-48.compute-1.amazonaws.com  (54.225.212.48:80)

TCP (HTTP SSL):
Connects to 186-229-127-56.ded.intelignet.com.br  (186.229.127.56:443)

Powered by Reason Core Security