d27d98cf-e794-4cff-af62-6b907bb1b094-6.exe

Porter Studio Plus

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install further unwanted software. The application d27d98cf-e794-4cff-af62-6b907bb1b094-6.exe, signed by Porter Studio Plus, has been detected as adware by 12 of 68 anti-malware scanners. It persists as a scheduled task under the Windows Task Scheduler, triggered to run each time a user logs in. The file is typically installed with the program Radio Canyon by Bright circle investments Ltd., itself a potentially unwanted program. It is built with the Crossrider cross-browser extension toolkit; although it uses the Crossrider framework and delivery services, it is not owned by Crossrider. It belongs to the Brightcircle group of browser extensions that inject advertisements into the browser.
Publisher:
Radio Canyon (signed by Porter Studio Plus)

Product:
Radio Canyon

Description:
Radio Canyon exe

Version:
1000.1000.1000.1000

MD5:
e8be2db56311d2f6eed2cb7ce6752819

SHA-1:
0698f7b623e98e71485a70b4ded38d7b555b17c5

SHA-256:
e5c30726f3542f16afdba84bb6c7320e0451a4c043e4cb5f467fa657c6a23e25

Scanner detections:
12 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/27/2024 1:40:06 PM UTC

Scan engine          Detection                                Engine version
Avira AntiVirus      ADWARE/CrossRider.Gen4                   7.11.182.78
avast!               Win32:Crossrider-AI [PUP]                141025-0
AVG                  Generic                                  2015.0.3306
Baidu Antivirus      Adware.Win32.CrossAd                     4.0.3.141121
ESET NOD32           Win32/Toolbar.CrossRider.AY (variant)    8.10643
F-Prot               W32/A-865d81b8                           v6.4.7.1.166
G Data               Win32.Adware.Crossrider                  14.10.24
Kaspersky            Trojan.NSIS.GoogUpdate                   14.0.0.2912
Malwarebytes         PUP.Optional.RadioCanyon.A               v2014.10.30.05
Qihoo 360 Security   HEUR/QVM10.1.Malware.Gen                 1.0.0.1015
Reason Heuristics    PUP.Crossrider.Task.g                    14.11.3.21
VIPRE Antivirus      Threat.4789396                           34232

File size:
1.2 MB (1,282,464 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Radio Canyon.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\radio canyon\d27d98cf-e794-4cff-af62-6b907bb1b094-6.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/19/2014 7:00:00 PM

Valid to:
10/20/2015 6:59:59 PM

Subject:
CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B7BA41CFBA8D50AF9A2A64362C08FA91

File PE Metadata
Compilation timestamp:
10/29/2014 3:37:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:p0OPfLmgc7ob4xkyyxcIXwen0V1KlZ4TXpS+aP2zDvplvy:uO6foMDyxhwT1M4TXpS+a+zDvplvy

Entry address:
0xA6110

Entry point:
E8, CF, 03, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, AC, 50, 00, E8, 2A, 79, 00, 00, E8, FC, 55, 00, 00, 0F, B7, F0, 6A, 02, E8, 62, 03, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, F6, 8C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.4375

Code size:
832 KB (851,968 bytes)
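
To check the PE metadata above against a copy of the sample, the following PowerShell is an added example (not part of this page's report) that reads the DOS, COFF and optional headers with BitConverter, maps the entry-point RVA through the section table to dump the first bytes at the entry point, and computes Shannon entropy over the whole file. Field offsets follow the PE/COFF format; the only assumption is the path, which is the common path listed on this page and can be replaced with any Win32 executable under triage.

```powershell
# Added example (not from the page's report): read the PE fields listed above directly
# from the file, dump the bytes at the entry point, and compute Shannon entropy, so the
# values can be checked against this page offline. Offsets follow the PE/COFF format.
$Path  = 'C:\Program Files\radio canyon\d27d98cf-e794-4cff-af62-6b907bb1b094-6.exe'
$bytes = [System.IO.File]::ReadAllBytes($Path)

# Shannon entropy in bits per byte: 8.0 is uniformly random; values near 8 suggest a
# packed or encrypted payload. The page reports 6.4375 for this sample.
function Get-ShannonEntropy([byte[]]$Data) {
    $counts = New-Object 'int[]' 256
    foreach ($b in $Data) { $counts[$b]++ }
    $entropy = 0.0
    foreach ($c in $counts) {
        if ($c -eq 0) { continue }
        $p = $c / $Data.Length
        $entropy -= $p * [Math]::Log($p, 2)
    }
    return $entropy
}

# DOS header -> e_lfanew -> "PE\0\0" signature -> COFF header -> optional header.
$eLfanew = [int][BitConverter]::ToUInt32($bytes, 0x3C)
if ([BitConverter]::ToUInt32($bytes, $eLfanew) -ne 0x00004550) { throw "Not a PE file: $Path" }

$coff          = $eLfanew + 4                                  # IMAGE_FILE_HEADER, 20 bytes
$numSections   = [int][BitConverter]::ToUInt16($bytes, $coff + 2)
$timeDateStamp = [BitConverter]::ToUInt32($bytes, $coff + 4)
$optSize       = [int][BitConverter]::ToUInt16($bytes, $coff + 16)

$opt           = $coff + 20                                    # IMAGE_OPTIONAL_HEADER
$magic         = [BitConverter]::ToUInt16($bytes, $opt)        # 0x10B = PE32, 0x20B = PE32+
$linkerVersion = '{0}.{1}' -f $bytes[$opt + 2], $bytes[$opt + 3]
$sizeOfCode    = [BitConverter]::ToUInt32($bytes, $opt + 4)
$entryRva      = [BitConverter]::ToUInt32($bytes, $opt + 16)
$osVersion     = '{0}.{1}' -f [BitConverter]::ToUInt16($bytes, $opt + 40), [BitConverter]::ToUInt16($bytes, $opt + 42)
$subsystem     = [BitConverter]::ToUInt16($bytes, $opt + 68)   # 2 = Windows GUI, 3 = console

# Map the entry-point RVA to a file offset through the section table (40-byte entries).
$sectionTable = $opt + $optSize
$entryOffset  = -1
for ($i = 0; $i -lt $numSections; $i++) {
    $s              = $sectionTable + 40 * $i
    $virtualAddress = [BitConverter]::ToUInt32($bytes, $s + 12)
    $sizeOfRawData  = [BitConverter]::ToUInt32($bytes, $s + 16)
    $rawPointer     = [BitConverter]::ToUInt32($bytes, $s + 20)
    if ($entryRva -ge $virtualAddress -and $entryRva -lt ($virtualAddress + $sizeOfRawData)) {
        $entryOffset = [int]($entryRva - $virtualAddress + $rawPointer)
        break
    }
}

$bitness = switch ($magic) { 0x10B { 'Win32' } 0x20B { 'Win64' } default { 'unknown' } }
$subsystemName = switch ($subsystem) { 2 { 'Windows GUI' } 3 { 'Windows console' } default { "$subsystem" } }
$entryBytes = if ($entryOffset -ge 0) {
    ($bytes[$entryOffset..($entryOffset + 15)] | ForEach-Object { '{0:X2}' -f $_ }) -join ', '
} else { 'entry RVA is not inside any section' }

[PSCustomObject]@{
    FileSize      = $bytes.Length
    Bitness       = $bitness
    Compiled      = [DateTimeOffset]::FromUnixTimeSeconds($timeDateStamp).UtcDateTime
    OSVersion     = $osVersion
    Subsystem     = $subsystemName
    LinkerVersion = $linkerVersion
    CodeSize      = $sizeOfCode
    EntryAddress  = '0x{0:X}' -f $entryRva
    EntryBytes    = $entryBytes
    Entropy       = [Math]::Round((Get-ShannonEntropy $bytes), 4)
}
```

The entry-point bytes are read from the file rather than from memory, so they match the static listing above only if the sample is not packed; a packer would show its own stub here, and an entropy well above the 6.44 reported for this file would be the first hint of that.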

Scheduled Task
Task name:
d27d98cf-e794-4cff-af62-6b907bb1b094-6

Trigger:
Logon (Runs on logon)

Action:
d27d98cf-e794-4cff-af62-6b907bb1b094-6.exe \rawdata=sbq+wp91nogvbcjuj91lffkw0yozpihewtpnd9jjl
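
The following PowerShell script is an added example, not code from this page or from Reason Core Security, showing how a responder would triage a host for the persistence mechanism described in this section: look up the task by name, confirm its logon trigger and action, hash the target executable against the SHA-256 listed above, read the Authenticode signer, and remove the task and file. The task name, path, hash and signer are taken from this page; the -WhatIf switches are an assumption of the example so that it only reports until you remove them.

```powershell
# Added example: hunt for the Radio Canyon logon task described on this page.
# Indicators (task name, path, SHA-256, signer) are copied from the page above.
$TaskName    = 'd27d98cf-e794-4cff-af62-6b907bb1b094-6'
$KnownPath   = 'C:\Program Files\radio canyon\d27d98cf-e794-4cff-af62-6b907bb1b094-6.exe'
$KnownSha256 = 'e5c30726f3542f16afdba84bb6c7320e0451a4c043e4cb5f467fa657c6a23e25'
$KnownSigner = 'CN=Porter Studio Plus'

# 1. Locate the task; without -TaskPath, Get-ScheduledTask searches every task folder.
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
if (-not $task) {
    Write-Output "Task '$TaskName' not present."
} else {
    # A logon trigger is exposed as a CIM instance of MSFT_TaskLogonTrigger.
    $logon = $task.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' }
    Write-Output ("Task found in folder {0}; logon trigger: {1}" -f $task.TaskPath, [bool]$logon)

    foreach ($action in $task.Actions) {
        # $action.Execute is the program; $action.Arguments carries the \rawdata=... blob.
        Write-Output ("Action: {0} {1}" -f $action.Execute, $action.Arguments)
    }
}

# 2. Hash the dropped executable. Check both the path from the page and whatever the
#    task's action actually points at, since a later build may have moved the file.
$candidates = @($KnownPath)
if ($task) {
    $candidates += $task.Actions | Where-Object { $_.Execute } | ForEach-Object { $_.Execute.Trim('"') }
}

foreach ($path in ($candidates | Select-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
    $match  = $sha256 -eq $KnownSha256
    Write-Output ("{0}`n  SHA-256 {1}  (matches page: {2})" -f $path, $sha256, $match)

    # 3. Authenticode: compare the signer's subject and serial, not only the Status field.
    #    The Porter Studio Plus certificate expired in October 2015, so Status may no
    #    longer read 'Valid' even though the signature bytes are intact.
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    if ($sig.SignerCertificate) {
        Write-Output ("  Signer: {0}" -f $sig.SignerCertificate.Subject)
        Write-Output ("  Serial: {0}  Status: {1}" -f $sig.SignerCertificate.SerialNumber, $sig.Status)
        if ($sig.SignerCertificate.Subject -like "$KnownSigner*") {
            Write-Output "  Signer matches the certificate listed on this page."
        }
    }

    # 4. Remediate. -WhatIf is an assumption of this example: drop it to actually act.
    if ($match) {
        Get-Process | Where-Object { $_.Path -eq $path } | Stop-Process -Force -WhatIf
        Remove-Item -LiteralPath $path -Force -WhatIf
    }
}

if ($task) {
    Unregister-ScheduledTask -TaskName $TaskName -TaskPath $task.TaskPath -Confirm:$false -WhatIf
}
```

The hash comparison is deliberately exact: a different build of the same adware will not match the SHA-256 above, which is why the task name, install path and certificate subject are checked alongside it. Run the script from an elevated session, since the task and the file under C:\Program Files are not readable or removable by a standard user.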


The file d27d98cf-e794-4cff-af62-6b907bb1b094-6.exe has been observed as part of the following program.

Radio Canyon by Bright circle investments Ltd.
Radio Canyon (Porter Studio Plus) is an adware program, supported by various types of advertising, that is usually bundled with third-party installers and download managers.

The executing file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com (54.231.11.114:80)

Note that s3-website-us-east-1.amazonaws.com is the shared Amazon S3 static-website endpoint for the us-east-1 region, used by many legitimate sites, so neither the hostname nor the IP address is a reliable indicator on its own and blocking them would cause collateral damage. Treat the scheduled task name, install path, file hashes and certificate subject above as the primary indicators.
