bobylyrics-15-bg.exe

BobyLyrics-15

Showpass

The application bobylyrics-15-bg.exe, “BobyLyrics-15 exe”, has been detected as adware by 14 anti-malware scanners. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the extensions installed in the user's browser, including installation, updates and remote code downloads. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Showpass

Product:
BobyLyrics-15

Description:
BobyLyrics-15 exe

Version:
1000.1000.1000.1000

MD5:
556735687ca8aabf9aacb3d84a515d62

SHA-1:
b835106df1951f638bf37296c16c3a7ed1712a59

SHA-256:
8a68a4baa64153aa31549998ee5a47a9c0e3172fdd35f60067b4810409f52f66

Scanner detections:
14 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/25/2024 12:31:30 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic5 | 2014.0.3614 |
| Baidu Antivirus | Trojan.Win32.Toolbar | 4.0.3.131225 |
| Bkav FE | W32.Clod763.Trojan | 1.3.0.4613 |
| Dr.Web | Trojan.Crossrider.6 | 9.0.1.0359 |
| Emsisoft Anti-Malware | Adware.Generic.637165 | 8.13.12.25.01 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 7.9190 |
| Fortinet FortiGate | Adware/Lyckriks | 12/25/2013 |
| F-Secure | Adware.Generic.637165 | 11.2013-25-12_4 |
| G Data | Adware.Generic.637165 | 13.12.22 |
| Malwarebytes | PUP.Optional.Lyrics.A | v2013.12.25.01 |
| NANO AntiVirus | Trojan.Win32.Crossrider.cqkbmt | 0.28.0.57029 |
| Reason Heuristics | PUP.Crossrider.Showpass.Q | 14.3.2.12 |
| Vba32 AntiVirus | AdWare.Lyckriks | 3.12.24.3 |
| VIPRE Antivirus | Crossrider | 24548 |

File size:
721 KB (738,304 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
BobyLyrics-15.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\bobylyrics-15\bobylyrics-15-bg.exe

File PE Metadata
Compilation timestamp:
8/12/2013 12:44:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:f9lZNxUdRL9ElrSOt/y14LtFdWE57idICSZxqP7X/2sHRU5s9/Dlo6TayS:J8RhArSORy14F57aQqDX/ZCA5TW

Entry address:
0x6FA36

Entry point:
E8, 73, AD, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, E8, 2E, 4B, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, EC, 2E, 4B, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 4F, 0E, 00, 00, 85, C0, 75, 06, B8, 50, 30, 4B, 00, C3, 83, C0, 08, C3, E8, 3C, 0E, 00, 00, 85, C0, 75, 06, B8, 54, 30, 4B, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08...
 

Code size:
578.5 KB (592,384 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)
