3006.exe

CinemaPlus-4.5vV28.05

Digit Network (Extreme White Limited)

The application 3006.exe, “CinemaPlus-4.5vV28.05 exe” by Digit Network (Extreme White Limited) has been detected as adware by 19 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address net130.234.188-226.ertelecom.ru on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV28.05  (signed by Digit Network (Extreme White Limited))

Product:
CinemaPlus-4.5vV28.05

Description:
CinemaPlus-4.5vV28.05 exe

Version:
1000.1000.1000.1000

MD5:
430438f12070f5f374e73ff3512116e0

SHA-1:
18487ea7bdb7bcc1e6e067a6e7b17b52655e7cba

SHA-256:
d0f35696f8780feb3e6a62cbebba631cb28742a412a6278516548afa7edcf6f2

Scanner detections:
19 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/23/2024 1:37:50 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.188636
616

AhnLab V3 Security
PUP/Win32.CrossRider
2015.05.29

Avira AntiVirus
ADWARE/CrossRider.Gen7
8.3.1.6

avast!
Win32:Adware-CMH [PUP]
2014.9-150530

AVG
Crossrider
2016.0.3094

Bitdefender
Gen:Variant.Adware.Graftor.188636
1.0.20.750

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Crossrider1.32880
9.0.1.0155

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.188636
8.15.05.30.02

ESET NOD32
Win32/Toolbar.CrossRider.CD potentially unwanted (variant)
9.11700

F-Secure
Gen:Variant.Adware.Graftor
11.2015-30-05_7

G Data
Gen:Variant.Adware.Graftor.188636
15.5.25

Malwarebytes
v2015.05.30.02

MicroWorld eScan
Gen:Variant.Adware.Graftor.188636
16.0.0.450

Norman
Gen:Variant.Adware.Graftor.188636
11.20150604

Panda Antivirus
Generic Suspicious
15.05.30.02

Reason Heuristics
PUP.ExtremeWhite.DigitNetworkExtremeWhiteLimited
15.5.30.2

Sophos
AppRider
4.98

SUPERAntiSpyware
PUP.CrossRider/Variant
9845

File size:
1.5 MB (1,569,360 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaPlus-4.5vV28.05.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\3006.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/15/2015 6:00:00 AM

Valid to:
4/15/2016 5:59:59 AM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
5/28/2015 7:05:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:RQl7zQVVZMHiJZ6OoYPHixPxU9DmGIz3Jf3o14CgjylzJuTBpS2pHgxOrcnflXaG:+lBq/yIDWzVWOyl8TBpS2pAxOaf1aA77

Entry address:
0xCE80D

Entry point:
E8, 53, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, 09, 55, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, D1, 54, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, 09, 55, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...
 
[+]

Code size:
1016.5 KB (1,040,896 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-70.32.1.32.hosted.by.gigenet.com  (70.32.1.32:80)

TCP (HTTP):
Connects to net130.234.188-237.ertelecom.ru  (188.234.130.237:80)

TCP (HTTP):
Connects to net130.234.188-236.ertelecom.ru  (188.234.130.236:80)

TCP (HTTP):
Connects to net130.234.188-231.ertelecom.ru  (188.234.130.231:80)

TCP (HTTP):
Connects to net130.234.188-247.ertelecom.ru  (188.234.130.247:80)

TCP (HTTP):
Connects to net130.234.188-232.ertelecom.ru  (188.234.130.232:80)

TCP (HTTP):
Connects to server-54-192-130-32.ams50.r.cloudfront.net  (54.192.130.32:80)

TCP (HTTP):
Connects to net130.234.188-226.ertelecom.ru  (188.234.130.226:80)

TCP (HTTP):
Connects to lb-212-222.above.com  (103.224.212.222:80)

Remove 3006.exe - Powered by Reason Core Security