home

2007.exe

Cinem Plus 2.4cV01.06

Digit Network (Extreme White Limited)

The application 2007.exe, “Cinem Plus 2.4cV01.06 exe” by Digit Network (Extreme White Limited) has been detected as adware by 20 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.
Publisher:
Cinema Plus ProV01.06  (signed by Digit Network (Extreme White Limited))

Product:
Cinem Plus 2.4cV01.06

Description:
Cinem Plus 2.4cV01.06 exe

Version:
1000.1000.1000.1000

MD5:
6e076ac57c4a5c2af9322284683c6cd6

SHA-1:
cd32f5f5e7990c647a4ad40f9ae07be242eedfc2

SHA-256:
1f91a5202e5b4c4c9942c2fa5919e35317e9a02f8a49f5f6003152d565b207ec

Scanner detections:
20 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
12/28/2024 12:27:02 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.188636
5615282

AhnLab V3 Security
PUP/Win32.CrossRider
2015.06.02

Avira AntiVirus
ADWARE/CrossRider.Gen7
8.3.1.6

avast!
Win32:Adware-CMH [PUP]
150531-1

AVG
Crossrider
2016.0.3091

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.1561

Bitdefender
Gen:Variant.Adware.Graftor.188636
1.0.20.760

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.188636
10.0.0.5366

ESET NOD32
Win32/Toolbar.CrossRider.CO potentially unwanted application
7.0.302.0

F-Secure
Gen:Variant.Adware.Graftor
5.14.151

G Data
Gen:Variant.Adware.Graftor.188636
15.6.25

K7 AntiVirus
Unwanted-Program
13.204.16097

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
15.0.0.543

Malwarebytes
PUP.Optional.CrossRider.A
v2015.06.01.02

MicroWorld eScan
Gen:Variant.Adware.Graftor.188636
16.0.0.456

Norman
Gen:Variant.Adware.Graftor.188636
03.12.2014 13:20:04

Reason Heuristics
PUP.ExtremeWhite.DigitNetworkExtremeWhiteLimited
15.6.1.14

Sophos
PUA 'AppRider' (of type Adware)
5.14

SUPERAntiSpyware
Adware.CrossRider/Variant
9840

File size:
1.4 MB (1,448,528 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Cinem Plus 2.4cV01.06.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\2007.exe

Digital Signature
Signed by:
Digit Network (Extreme White Limited)

Authority:
COMODO CA Limited

Valid from:
4/15/2015 1:00:00 AM

Valid to:
4/15/2016 12:59:59 AM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
6/1/2015 1:05:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:yWrYoTOiAUhVzdDQ+g5NjxziE4H3sllwHnZJYLXP+rkkyT5pS3HViXn6+VledFtP:ZrYEyHOE4H3UKH8D+oXT5pS34Xn6+VmH

Entry address:
0xC2EBD

Entry point:
E8, 53, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, 59, 54, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 21, 54, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, 59, 54, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...
 
[+]

Code size:
940 KB (962,560 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hdc86-35-3-193.romtelecom.net  (86.35.3.193:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.1.18:80)

Remove 2007.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.