2198.exe

CinemaP-1.9cV30.06

Digit Network (Extreme White Limited)

The application 2198.exe, “CinemaP-1.9cV30.06 exe” by Digit Network (Extreme White Limited) has been detected as adware by 20 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV30.06  (signed by Digit Network (Extreme White Limited))

Product:
CinemaP-1.9cV30.06

Description:
CinemaP-1.9cV30.06 exe

Version:
1000.1000.1000.1000

MD5:
1c9d3f5b3356bd14276d16b658d050fd

SHA-1:
881a393e7833d84ba71d1fc982eb8cde9dee670f

SHA-256:
bb5a2790e94f4f116ef6f1fe7711cc521e38d2f95ce49203e0da0e1694ed0603

Scanner detections:
20 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including the homepage and search provider, and deliver ads by injecting banners and text links directly into web pages.

Analysis date:
1/11/2025 11:49:17 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.188636 | 584
AhnLab V3 Security | PUP/Win32.CrossRider | 2015.06.30
Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.1.6
Arcabit | Trojan.Adware.Graftor.D2E0DC | 1.0.0.425
avast! | Win32:Adware-CMH [PUP] | 2014.9-150630
AVG | Crossrider | 2016.0.3062
Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15630
Bitdefender | Gen:Variant.Adware.Graftor.188636 | 1.0.20.905
Bkav FE | W32.HfsAdware | 1.3.0.6979
Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.188636 | 8.15.06.30.04
ESET NOD32 | Win32/Toolbar.CrossRider.CO potentially unwanted (variant) | 9.11866
F-Secure | Gen:Variant.Adware.Graftor | 11.2015-30-06_3
G Data | Gen:Variant.Adware.Graftor.188636 | 15.6.25
K7 AntiVirus | Unwanted-Program | 13.205.16409
Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.1807
Malwarebytes | (detection name not recorded) | v2015.06.30.04
MicroWorld eScan | Gen:Variant.Adware.Graftor.188636 | 16.0.0.543
Panda Antivirus | Trj/Genetic.gen | 15.06.30.04
Reason Heuristics | PUP.ExtremeWhite.DigitNetworkExtremeWhiteLimited (M) | 15.6.30.12
SUPERAntiSpyware | PUP.CrossRider/Variant | 9782

File size:
1.5 MB (1,545,808 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaP-1.9cV30.06.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\2198.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/15/2015 12:00:00 AM

Valid to:
4/14/2016 11:59:59 PM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
6/30/2015 12:06:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:MpoxDDFgqruOZ6neB7wxPWJ20373S5NNwKN/TypSZlkwGhgm/VSgFqk2wM:bxvpwOJL7mVTypSZlk56m/VSgFL2wM

Entry address:
0xCBC3D

Entry point:
E8, 51, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, B9, 54, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 81, 54, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, B9, 54, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...

Entropy:
6.4403

Code size:
997 KB (1,020,928 bytes)

The executing file has been seen to make the following network communications in live environments.

