auijladi.exe

Lights Cinema 1.3betaV19.04

Cinema PlusV19.04

The application auijladi.exe, “Lights Cinema 1.3betaV19.04 Installer” has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV19.04

Product:
Lights Cinema 1.3betaV19.04

Description:
Lights Cinema 1.3betaV19.04 Installer

Version:
1.36.01.22

MD5:
64709bf2e757cc69d2980aad870281d7

SHA-1:
c5774eeb4ee83c7bc347bc88e9367bb0f35f0e0c

SHA-256:
0c5d002af744198dd2ba21703f297760ae31e70b6c4f8e3f7e08f36b8f1c4ea5

Scanner detections:
21 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/23/2024 10:44:47 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.JS.Crossrider.B
601

Agnitum Outpost
Riskware.VMDetector
7.1.1

avast!
Win32:Malware-gen
2014.9-150614

AVG
Crossrider
2016.0.3079

Dr.Web
Trojan.Crossrider.46916
9.0.1.0165

ESET NOD32
Win32/Toolbar.CrossRider.CM potentially unwanted (variant)
9.11588

Fortinet FortiGate
PossibleThreat
6/14/2015

G Data
Script.Application.Plush
15.6.25

K7 AntiVirus
Adware
13.203.15801

Kaspersky
not-a-virus:WebToolbar.JS.CroRi
14.0.0.1888

McAfee
Artemis!64709BF2E757
5600.6735

MicroWorld eScan
Adware.JS.Crossrider.B
16.0.0.495

NANO AntiVirus
Trojan.Win32.Crossrider1.dqxuao
0.30.24.1357

Panda Antivirus
Generic Suspicious
15.06.14.11

Qihoo 360 Security
Win32/Virus.Adware.b31
1.0.0.1015

Reason Heuristics
PUP.Downloader.Installer
15.6.14.7

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.15612

Trend Micro House Call
TROJ_GE.3DAAAE58
7.2.165

Trend Micro
TROJ_GE.3DAAAE58
10.465.14

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
40018

File size:
13.2 MB (13,826,648 bytes)

Copyright:
Copyright Cinema PlusV19.04

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\auijladi.exe

File PE Metadata
Compilation timestamp:
12/4/2012 1:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
393216:/eQjGHLHk4Ctty08RBBR9yZrXeORKNPcGZh973RJrCL:28GHrkBtg0yBBRISFlh13RJOL

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.9992  (probably packed)

Code size:
34.5 KB (35,328 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.18.108:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to ec2-23-21-97-86.compute-1.amazonaws.com  (23.21.97.86:80)

Remove auijladi.exe - Powered by Reason Core Security