ba392883-5daf-4710-9000-4f20287fae06-10.exe

CinemaP-1.9cV27.09

Digit Network (Extreme White Limited)

The application ba392883-5daf-4710-9000-4f20287fae06-10.exe, “CinemaP-1.9cV27.09 exe” by Digit Network (Extreme White Limited) has been detected as adware by 9 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV27.09 (signed by Digit Network (Extreme White Limited))

Product:
CinemaP-1.9cV27.09

Description:
CinemaP-1.9cV27.09 exe

Version:
1000.1000.1000.1000

MD5:
cb983238a99293fcf3b8f3b33c3502c0

SHA-1:
b996ddeaf5614a2e8bafc935c1dcb62b2446ee78

SHA-256:
47c10d5290049f17f5eb7f3251720715d5dd91579f804d004b25b8b2e923beca

Scanner detections:
9 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/30/2024 7:21:41 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.2.2
avast! | Win32:Adware-CMH [PUP] | 2014.9-151004
Dr.Web | Trojan.Crossrider1.42770 | 9.0.1.0277
ESET NOD32 | Win32/Toolbar.CrossRider.CD potentially unwanted (variant) | 9.12296
Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.1325
Malwarebytes | PUP.Optional.CrossRider | v2015.10.04.11
Reason Heuristics | Adware.Crossrider.ExtremeWhite (M) | 15.9.27.13
Sophos | AppRider (PUA) | 4.98
VIPRE Antivirus | Crossrider | 44104

File size:
1.4 MB (1,497,680 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaP-1.9cV27.09.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinemap-1.9cv27.09\ba392883-5daf-4710-9000-4f20287fae06-10.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/15/2015 2:00:00 AM

Valid to:
4/15/2016 1:59:59 AM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
9/27/2015 12:05:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Mr8S0Wd1e750dYx0FNCOiuFhmpOOrHwiXLTUpS2fMoZ8B1W5rpfqUmgs:W8v/WCQF+wibTUpS2fMoZ8jW5rpf7mgs

Entry address:
0xCC58D

Entry point:
E8, 53, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, C9, 54, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 91, 54, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, C9, 54, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...

Code size:
1003 KB (1,027,072 bytes)

Scheduled Task
Task name:
ba392883-5daf-4710-9000-4f20287fae06-10_user

Trigger:
Logon (Runs on logon)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com (52.216.0.82:80)

TCP (HTTP):
Connects to hwcdn.net (69.16.175.42:80)

Powered by Reason Core Security