c1bf95b7-9d21-4302-bbde-c1ab4ab9ccf5-10.exe

The application c1bf95b7-9d21-4302-bbde-c1ab4ab9ccf5-10.exe has been detected as adware by 20 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.
Publisher:
iCinema

Product:
I - Cinema

Description:
I - Cinema exe

Version:
1000.1000.1000.1000

MD5:
cf4159463b40bedbbe4284ae1e3570bb

SHA-1:
2fd64a89b2799aba041e6615c5eb5f22afdac4d5

SHA-256:
dc30e9de94fd05f86222ca44517e2281711e2cf54030ae0b9a5f1ba3ac2fdd8e

Scanner detections:
20 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/22/2024 9:25:35 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Mikey.19602 | 535
AhnLab V3 Security | PUP/Win32.CrossRider | 2015.08.19
Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.1.6
Arcabit | Trojan.Mikey.D4C92 | 1.0.0.425
avast! | Win32:Adware-CMH [PUP] | 2014.9-150818
AVG | Generic_r | 2016.0.3013
Bitdefender | Gen:Variant.Mikey.19602 | 1.0.20.1150
Dr.Web | Trojan.Crossrider1.42769 | 9.0.1.0234
Emsisoft Anti-Malware | Gen:Variant.Mikey.19602 | 8.15.08.18.03
ESET NOD32 | Win32/Toolbar.CrossRider.CO potentially unwanted (variant) | 9.12112
F-Secure | Gen:Variant.Mikey.19602 | 11.2015-18-08_3
G Data | Gen:Variant.Mikey.19602 | 15.8.25
Kaspersky | not-a-virus:HEUR:WebToolbar.Win32.CrossRider | 14.0.0.1562
Malwarebytes | PUP.Optional.iCinema.A | v2015.08.18.03
MicroWorld eScan | Gen:Variant.Mikey.19602 | 16.0.0.690
Panda Antivirus | Generic Suspicious | 15.08.18.03
Reason Heuristics | Adware.Crossrider.iCinema (M) | 15.8.18.15
Rising Antivirus | PE:Malware.CrossRider!6.229B | 23.00.65.15816
Sophos | AppRider (PUA) | 4.98
SUPERAntiSpyware | Adware.CrossRider/Variant | 9684

File size:
1.2 MB (1,289,728 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
I - Cinema.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\i - cinema\c1bf95b7-9d21-4302-bbde-c1ab4ab9ccf5-10.exe

File PE Metadata
Compilation timestamp:
8/18/2015 2:05:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:aQQMn21JxqCCX9S3iMumJvydsJJqTipS40FIBLQQMqAKU:bQccKXsi1dsHqTipS40uLQQMvKU

Entry address:
0x9A34D

Entry point:
E8, D3, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, F9, 50, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, C1, 50, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, F9, 50, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...

Code size:
768 KB (786,432 bytes)

Scheduled Task
Task name:
c1bf95b7-9d21-4302-bbde-c1ab4ab9ccf5-10_user

Trigger:
Logon (Runs on logon)
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to ip-50-63-202-62.ip.secureserver.net  (50.63.202.62:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.18.26:80)

Remove c1bf95b7-9d21-4302-bbde-c1ab4ab9ccf5-10.exe - Powered by Reason Core Security