apps hat mini-firefoxinstaller.exe

Apps Hat Mini

Nero

The application apps hat mini-firefoxinstaller.exe ("Apps Hat Mini exe") has been detected as adware by 5 anti-malware scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It also manages the Firefox SQLite connectivity.
Publisher:
Nero

Product:
Apps Hat Mini

Description:
Apps Hat Mini exe

Version:
1000.1000.1000.1000

MD5:
56f98187bff3b9481f6b5494dd7ff87b

SHA-1:
311a1e71b37beaf30a20c249c9caab40e052c73e

SHA-256:
528a92048e19f80f9e4573c8024ebc996505435dbd4252aba36dfd282d97cb61

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/5/2024 11:36:25 AM UTC

Scan engine         Detection                            Engine version
Baidu Antivirus     Adware.Win32.CrossRider              4.0.3.14425
ESET NOD32          Win32/Toolbar.CrossRider (variant)   8.9611
Malwarebytes        PUP.Optional.AppsHat.A               v2014.04.25.05
Reason Heuristics   PUP.Crossrider.Nero.EE               14.4.25.17
VIPRE Antivirus     Crossrider                           27824

File size:
931.5 KB (953,856 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Apps Hat Mini.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\Program Files\apps hat mini\apps hat mini-firefoxinstaller.exe

File PE Metadata
Compilation timestamp:
3/17/2014 7:19:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:tix3KmECiW6eEg8kr528KO+hLQ7xK1fv9zxpUpxNNWAoU0Mf+VSrILD8myAm2xxO:tix6mEF7eLF3jiLQ7xK1OQwamqfTw

Entry address:
0x9D8F0

Entry point:
E8, 82, EF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE...
Code size:
763.5 KB (781,824 bytes)

Scheduled Task
Task name:
Apps Hat Mini-firefoxinstaller

Trigger:
Logon (Runs on logon)

Action:
apps hat mini-firefoxinstaller.exe \installxpi \agentregpath='apps hat mini' \extensi


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-50-63-202-52.ip.secureserver.net  (50.63.202.52:80)
