» 3282.exe
Overview
Analysis
File Details
Network (4)

3282.exe

CinemaPlus-3.2cV15.09

Digit Network (Extreme White Limited)

The application 3282.exe, “CinemaPlus-3.2cV15.09 exe” by Digit Network (Extreme White Limited) has been detected as adware by 25 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.

File name:

3282.exe

Publisher:

Cinema PlusV15.09 (signed by Digit Network (Extreme White Limited))

Product:

CinemaPlus-3.2cV15.09

Description:

CinemaPlus-3.2cV15.09 exe

Version:

1000.1000.1000.1000

MD5:

eba5ab936b726ab892945985d7dbe65e

SHA-1:

2685565082b5ef0a5e558d1fd1a0c37cae67eeff

SHA-256:

8ce9c9dd8231f3bbd4948e22896b670d1a82af0f9da963955d1982d5394b23eb

Scanner detections:

25 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

11/24/2024 3:33:46 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Strictor.90886

507

AhnLab V3 Security

PUP/Win32.CrossRider

2015.09.16

Avira AntiVirus

ADWARE/CrossRider.Gen7

8.3.2.2

Arcabit

Trojan.Adware.Strictor.D16306

1.0.0.527

avast!

Win32:Adware-CMH [PUP]

2014.9-150915

AVG

Crossrider_r

2016.0.2985

Bitdefender

Gen:Variant.Adware.Strictor.90886

1.0.20.1290

Bkav FE

W32.HfsAdware

1.3.0.7133

Comodo Security

Application.Win32.Crossrider.ALB

23240

Dr.Web

Trojan.Crossrider1.42770

9.0.1.0258

Emsisoft Anti-Malware

Gen:Variant.Adware.Strictor.90886

8.15.09.15.04

ESET NOD32

Win32/Toolbar.CrossRider.CD potentially unwanted (variant)

9.12257

F-Prot

W32/Crossrider.L.gen

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Strictor

11.2015-15-09_3

G Data

Gen:Variant.Adware.Strictor.90886

15.9.25

K7 AntiVirus

Unwanted-Program

13.210.17222

Kaspersky

not-a-virus:WebToolbar.Win32.CrossRider

14.0.0.1422

Malwarebytes

PUP.Optional.CinemaPlus

v2015.09.15.04

MicroWorld eScan

Gen:Variant.Adware.Strictor.90886

16.0.0.774

NANO AntiVirus

Trojan.Win32.Agent.dvtooz

0.30.24.3283

Panda Antivirus

Trj/Genetic.gen

15.09.15.04

Quick Heal

Trojan.Crossrider.AM6

9.15.14.00

Reason Heuristics

PUP.ExtremeWhite.DigitNetworkExtremeWhiteLimited (M)

15.9.15.16

Sophos

AppRider (PUA)

4.98

SUPERAntiSpyware

Adware.CrossRider/Variant

9628

File size:

1.4 MB (1,501,776 bytes)

Product version:

1000.1000.1000.1000

Original file name:

CinemaPlus-3.2cV15.09.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\3282.exe

Digital Signature

Signed by:

Digit Network (Extreme White Limited)

Authority:

COMODO CA Limited

Valid from:

4/15/2015 8:00:00 AM

Valid to:

4/15/2016 7:59:59 AM

Subject:

CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F39F5E5096779B72822CF8381166A432

File PE Metadata

Compilation timestamp:

9/15/2015 6:06:33 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:G8AlVfIuIzM/czB8GN2/xMNXlRQzX3s+8odf17eHFTgpSrXrBaWYZFS3qEWQk:fAYDOylijsbTgpSrXrBdYZFS3rWQk

Entry address:

0xC989D

Entry point:

E8, 4B, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, 19, 55, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, E1, 54, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, 19, 55, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8... 
[+]

Entropy:

6.4359

Code size:

980.5 KB (1,004,032 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (54.231.97.234:80)

TCP (HTTP):

Connects to hwcdn.net (69.16.175.42:80)

TCP (HTTP):

Connects to tlb.hwcdn.net (69.16.175.10:80)

Remove 3282.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.