7f4b918d-143c-4248-8a82-344c1d24fe7f-10.exe

CinemaP-1.9cV24.09

Digit Network (Extreme White Limited)

The application 7f4b918d-143c-4248-8a82-344c1d24fe7f-10.exe, “CinemaP-1.9cV24.09 exe” by Digit Network (Extreme White Limited) has been detected as adware by 22 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV24.09  (signed by Digit Network (Extreme White Limited))

Product:
CinemaP-1.9cV24.09

Description:
CinemaP-1.9cV24.09 exe

Version:
1000.1000.1000.1000

MD5:
642e5c2a0b713563cef15ec5b4676fe1

SHA-1:
08f3702634d1d62b0c20ac18bde40b97419dd2d6

SHA-256:
950b8cf2d3f12a2ba447db37e18ddfa89a95c42fc24b1aa61b5695828a817649

Scanner detections:
22 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/27/2024 3:46:27 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.CrossRider
2015.09.25

Avira AntiVirus
ADWARE/CrossRider.Gen7
8.3.2.2

Arcabit
PUP.WebToolbar.CrossRider.eai
1.0.0.567

avast!
Win32:Adware-CMH [PUP]
2014.9-150924

AVG
Crossrider_r
2016.0.2976

Bkav FE
W32.HfsAdware
1.3.0.7237

Comodo Security
Application.Win32.CrossRider.ALO
23293

Dr.Web
Trojan.Crossrider1.42770
9.0.1.0267

ESET NOD32
Win32/Toolbar.CrossRider.CD potentially unwanted (variant)
9.12296

F-Prot
W32/Crossrider.L.gen
v6.4.7.1.166

G Data
Win32.Adware.Crossrider
15.9.25

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
14.0.0.1376

Malwarebytes
PUP.Optional.CrossRider
v2015.09.24.05

NANO AntiVirus
Trojan.Win32.Agent.dvtooz
0.30.26.3725

Panda Antivirus
Trj/Genetic.gen
15.09.24.05

Qihoo 360 Security
Win32/Virus.Adware.a87
1.0.0.1015

Quick Heal
Trojan.Crossrider.AM6
9.15.14.00

Reason Heuristics
Adware.Crossrider.ExtremeWhite (M)
15.9.24.17

Rising Antivirus
PE:PUF.CrossRider!1.A157[F1]
23.00.65.15922

Sophos
AppRider (PUA)
4.98

SUPERAntiSpyware
PUP.CrossRider/Variant
9610

VIPRE Antivirus
Crossrider
44022

File size:
1.5 MB (1,555,024 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaP-1.9cV24.09.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cinemap-1.9cv24.09\7f4b918d-143c-4248-8a82-344c1d24fe7f-10.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/15/2015 12:00:00 AM

Valid to:
4/14/2016 11:59:59 PM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
9/24/2015 10:06:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:vvvpzkPOme0hc+q9frxIiR1eo61xDu6Z2vT4pSY/Y1GtcGpFyq1fqUmgU:/pw0IK1u18T4pSY8+yqR7mgU

Entry address:
0xCC25D

Entry point:
E8, 51, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, C9, 54, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 91, 54, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, C9, 54, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...
 
[+]

Entropy:
6.4400

Code size:
1004 KB (1,028,096 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.48.178:80)

TCP (HTTP):
Connects to ec2-107-20-218-71.compute-1.amazonaws.com  (107.20.218.71:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to ec2-50-17-253-207.compute-1.amazonaws.com  (50.17.253.207:80)

TCP (HTTP):
Connects to ec2-174-129-208-167.compute-1.amazonaws.com  (174.129.208.167:80)

Remove 7f4b918d-143c-4248-8a82-344c1d24fe7f-10.exe - Powered by Reason Core Security