8925.exe

City Center Games (Extreme White Limited)

The application 8925.exe by City Center Games (Extreme White Limited) has been detected as adware by 16 anti-malware scanners. This file is typically installed with the program Crossbrowse by CLARALABSOFTWARE which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from m.ahlabahla97.com and multiple other hosts.
Publisher:
City Center Games (Extreme White Limited)

Version:
106.0.0.0

MD5:
27bb9ec08bd4532e385050f45fc39902

SHA-1:
a933519b539afcdce688917895d110b6fdadc2fe

SHA-256:
7ad688d5507ae8c0c5d2e4ef4ef19dc575f02b84d01abb0dc6cc91b292cc6ae9

Scanner detections:
16 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/24/2024 8:11:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.05.18 |
| Avira AntiVirus | ADWARE/CrossRider.1918040.1 | 8.3.1.6 |
| AVG | Win32/DH{gRITfWUDICIlAFdO} | 2016.0.3105 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15518 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.Crossrider1.31292 | 9.0.1.0142 |
| Emsisoft Anti-Malware | Trojan.Generic.14557556 | 8.15.05.22.02 |
| ESET NOD32 | Win32/Toolbar.CrossRider.CN potentially unwanted (variant) | 9.11640 |
| F-Secure | Trojan.Generic.14557556 | 11.2015-22-05_6 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.2020 |
| Malwarebytes | PUP.Optional.CrossBrowse | v2015.05.18.10 |
| McAfee | Artemis!27BB9EC08BD4 | 5600.6761 |
| Reason Heuristics | PUP.installCore.CityCenterGamesExtremeWhiteLimited | 15.5.18.18 |
| Sophos | AppRider | 4.98 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| VIPRE Antivirus | Crossrider | 40318 |

File size:
1.8 MB (1,918,040 bytes)

Product version:
106.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\8925.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/14/2015 8:00:00 PM

Valid to:
4/14/2016 7:59:59 PM

Subject:
CN=City Center Games (Extreme White Limited), O=City Center Games (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00808728FFBF020E8929813B59AA2EC529

File PE Metadata
Compilation timestamp:
5/14/2015 4:07:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:7cQAetL1sghI/F2gOKByQSnTHpShO3W2HgPnfQOuO39lzN:AYta+I/p+tQ1

Entry address:
0x12447E

Entry point:
E8, 48, 11, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 24, EE, 5B, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, 2E, 5B, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 24, EE, 5B, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01...
 

Entropy:
6.6626

Code size:
1.3 MB (1,374,208 bytes)

The file 8925.exe has been discovered within the following programs.

Crossbrowse  by CLARALABSOFTWARE
87% remove it
 

The file 8925.exe has been seen being distributed by the following 2 URLs.

http://m.ahlabahla97.com/FlashBeat/.../Setup.exe

The executing file has been seen to make the following network communications in live environments.
