byaiamuf.exe

CinemaP-1.9cV16.03

Cinema PlusV16.03

The application byaiamuf.exe, “CinemaP-1.9cV16.03 exe” has been detected as a potentially unwanted program by 25 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named BYAIAMUF triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address 125.235.4.59.adsl.viettel.vn on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV16.03

Product:
CinemaP-1.9cV16.03

Description:
CinemaP-1.9cV16.03 exe

Version:
1000.1000.1000.1000

MD5:
877759fe37e2eed150c792006b342bc3

SHA-1:
8798108fe24a6c96c466d8b03e044dc7f8f17a59

SHA-256:
5e5fb6be6900b65a94ca167f1221bc0888fa74a13cbc5d80db926ca6db512ba7

Scanner detections:
25 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/15/2024 4:50:56 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.8v0@mejGCfeO
6578507

AhnLab V3 Security
PUP/Win32.CrossRider
2015.03.20

Avira AntiVirus
ADWARE/CrossRider.Gen7
7.11.218.126

avast!
Win32:Malware-gen
150319-1

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.15319

Bitdefender
Gen:Application.Heur.8v0@mejGCfeO
1.0.20.390

Comodo Security
Application.Win32.Plush.GRI
21466

Dr.Web
Trojan.Crossrider1.22190
9.0.1.05190

Emsisoft Anti-Malware
Gen:Application.Heur.8v0@mejGCfeO
9.0.0.4799

ESET NOD32
Win32/Toolbar.CrossRider.CB potentially unwanted application
7.0.302.0

F-Secure
Riskware.Gen:Application.Heur.8v0@mejGCfeO
5.13.68

G Data
Gen:Application.Heur.8v0@mejGCfeO
15.3.25

herdProtect (fuzzy)
2015.6.25.10

K7 AntiVirus
Adware
13.202.15421

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
15.0.0.543

Malwarebytes
v2015.03.19.02

McAfee
Trojan.Artemis!877759FE37E2
16.8.708.2

MicroWorld eScan
Gen:Application.Heur.8v0@mejGCfeO
16.0.0.234

Norman
Gen:Application.Heur.8v0@kejGCfeO
03.12.2014 13:20:04

Panda Antivirus
Trj/Genetic.gen
15.03.19.02

Qihoo 360 Security
Win32/Application.95a
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
15.3.19.14

SUPERAntiSpyware
Adware.CrossRider/Variant
9792

Trend Micro House Call
TROJ_GEN.R0C1H07CI15
7.2.78

Zillya! Antivirus
Adware.CrossRider.Win32.4008
2.0.0.2121

File size:
1.9 MB (2,035,200 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaP-1.9cV16.03.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\byaiamuf.exe

File PE Metadata
Compilation timestamp:
3/15/2015 4:12:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:zGeJ9dt1PBkRp/TDWzpW+wpSprT+Z1V1Dz:NdPBiezpd

Entry address:
0xF9E41

Entry point:
E8, 65, FD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 98, FE, 00, 00, 3B, 30, 7C, 07, E8, 8F, FE, 00, 00, 8B, 30, E8, 82, FE, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 83, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 40, 50, 56, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 9D, 2E, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 40, 50, 56, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, FC, EA...
 
[+]

Entropy:
6.8639

Code size:
1.2 MB (1,212,416 bytes)

Scheduled Task
Task name:
BYAIAMUF

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 125.235.4.59.adsl.viettel.vn  (125.235.4.59:80)

TCP (HTTP):
Connects to ip-50-63-202-45.ip.secureserver.net  (50.63.202.45:80)

TCP (HTTP):
Connects to FRCU-S7MSLP3.EUN.EG  (193.227.1.33:80)

Remove byaiamuf.exe - Powered by Reason Core Security