987aa414-3a1a-4584-b7eb-f159a1115523-10.exe

CinemaPlus-3.2cV11.06

Digit Network (Extreme White Limited)

The application 987aa414-3a1a-4584-b7eb-f159a1115523-10.exe, “CinemaPlus-3.2cV11.06 exe” by Digit Network (Extreme White Limited) has been detected as adware by 28 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV11.06  (signed by Digit Network (Extreme White Limited))

Product:
CinemaPlus-3.2cV11.06

Description:
CinemaPlus-3.2cV11.06 exe

Version:
1000.1000.1000.1000

MD5:
ea54d36f5ac16c96f12fa553cc5deaca

SHA-1:
114d9a500b71d3b9ec4541cb091ec793d7010d78

SHA-256:
f92e3b86ad54e1add5bb5481a47da3c505685a8d7ba69b5b78619b8a9622ad69

Scanner detections:
28 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/25/2024 9:00:15 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.188636
602

AhnLab V3 Security
PUP/Win32.CrossRider
2015.06.12

Avira AntiVirus
ADWARE/CrossRider.Gen7
8.3.1.6

Arcabit
Trojan.Adware.Graftor.D2E0DC
1.0.0.425

avast!
Win32:Adware-CMH [PUP]
2014.9-150612

AVG
Crossrider
2016.0.3080

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.15612

Bitdefender
Gen:Variant.Adware.Graftor.188636
1.0.20.815

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Crossrider1.36195
9.0.1.0163

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.188636
8.15.06.12.02

ESET NOD32
Win32/Toolbar.CrossRider.CD potentially unwanted (variant)
9.11774

Fortinet FortiGate
Riskware/CrossRider
6/12/2015

F-Secure
Gen:Variant.Adware.Graftor
11.2015-12-06_6

G Data
Gen:Variant.Adware.Graftor.188636
15.6.25

K7 AntiVirus
Unwanted-Program
13.205.16218

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
14.0.0.1897

Malwarebytes
v2015.06.12.02

McAfee
Artemis!EA54D36F5AC1
5600.6736

MicroWorld eScan
Gen:Variant.Adware.Graftor.188636
16.0.0.489

Norman
Gen:Variant.Adware.Graftor.188636
11.20150615

Panda Antivirus
Trj/Genetic.gen
15.06.12.02

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Adware.Crossrider.ExtremeWhite
15.6.12.10

Rising Antivirus
PE:Malware.Adwapper!6.2061
23.00.65.15610

Sophos
AppRider
4.98

SUPERAntiSpyware
Adware.CrossRider/Variant
9818

VIPRE Antivirus
Threat.4150696
40828

File size:
1.2 MB (1,284,688 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaPlus-3.2cV11.06.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinemaplus-3.2cv11.06\987aa414-3a1a-4584-b7eb-f159a1115523-10.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/15/2015 10:00:00 AM

Valid to:
4/15/2016 9:59:59 AM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
6/11/2015 11:07:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:5qNdEStez2gg2x6Zt41+qjjMIz3rZXRnTepSL2OKEYELYerdOJNadqxvV/:oNdRZgC4BjjDHnTepS6OOELldOJMdGvF

Entry address:
0x9E6BD

Entry point:
E8, C9, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, 99, 51, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 61, 51, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, 99, 51, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...
 
[+]

Entropy:
6.4768

Code size:
801 KB (820,224 bytes)

Scheduled Task
Task name:
987aa414-3a1a-4584-b7eb-f159a1115523-10_user

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.83.9:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to ec2-23-23-109-78.compute-1.amazonaws.com  (23.23.109.78:80)

TCP (HTTP):
Connects to ec2-54-243-158-73.compute-1.amazonaws.com  (54.243.158.73:80)

TCP (HTTP):
Connects to ec2-54-235-183-213.compute-1.amazonaws.com  (54.235.183.213:80)

TCP (HTTP):
Connects to ec2-54-225-216-119.compute-1.amazonaws.com  (54.225.216.119:80)

TCP (HTTP):
Connects to ec2-23-23-196-129.compute-1.amazonaws.com  (23.23.196.129:80)

TCP (HTTP):
Connects to ec2-23-23-190-31.compute-1.amazonaws.com  (23.23.190.31:80)

TCP (HTTP):
Connects to ec2-23-21-185-158.compute-1.amazonaws.com  (23.21.185.158:80)

TCP (HTTP):
Connects to ec2-204-236-230-220.compute-1.amazonaws.com  (204.236.230.220:80)

TCP (HTTP):
Connects to ec2-107-21-245-181.compute-1.amazonaws.com  (107.21.245.181:80)

Remove 987aa414-3a1a-4584-b7eb-f159a1115523-10.exe - Powered by Reason Core Security