d5dfc0ba-f544-413a-a03f-2959134f2578-1-7.exe

CinemaPlus-3.2cV07.04

Cinema PlusV07.04

The application d5dfc0ba-f544-413a-a03f-2959134f2578-1-7.exe, “CinemaPlus-3.2cV07.04 exe” has been detected as adware by 24 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Cinema PlusV07.04

Product:
CinemaPlus-3.2cV07.04

Description:
CinemaPlus-3.2cV07.04 exe

Version:
1000.1000.1000.1000

MD5:
b0195473896a789001b45367f8e6471e

SHA-1:
66819e83ae8acd30515859c06e6890c85142052e

SHA-256:
96c0bbb2fe934a90334ed833feb463e742fb351ee49359e22d8d32dd0ccdd4ab

Scanner detections:
24 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/27/2024 2:30:59 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.ev0@m8JMPxgO | 667
AhnLab V3 Security | PUP/Win32.CrossRider | 2015.04.08
Avira AntiVirus | ADWARE/CrossRider.Gen7 | 3.6.1.96
avast! | Win32:Malware-gen | 2014.9-150408
AVG | Crossrider | 2016.0.3145
Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.1548
Bitdefender | Gen:Application.Heur.ev0@m8JMPxgO | 1.0.20.490
Dr.Web | Trojan.Crossrider1.24987 | 9.0.1.098
Emsisoft Anti-Malware | Gen:Application.Heur.ev0@m8JMPxgO | 8.15.04.08.01
ESET NOD32 | Win32/Toolbar.CrossRider.CD potentially unwanted (variant) | 9.11440
Fortinet FortiGate | Riskware/CrossRider | 4/8/2015
F-Secure | Riskware.Gen:Application.Heur.ev0@m8JMPxgO | 11.2015-08-04_4
G Data | Gen:Application.Heur.ev0@m8JMPxgO | 15.4.25
Malwarebytes | | v2015.04.08.01
McAfee | Artemis!B0195473896A | 5600.6801
MicroWorld eScan | Gen:Application.Heur.ev0@m8JMPxgO | 16.0.0.294
Norman | Gen:Application.Heur.ev0@k8JMPxgO | 11.20150408
Qihoo 360 Security | Win32/Application.389 | 1.0.0.1015
Reason Heuristics | Adware.Crossrider.Task | 15.4.8.9
Rising Antivirus | PE:Trojan.GoogUpdate!6.1E39 | 23.00.65.15406
Sophos | PUA 'AppRider' (of type Adware) | 5.12
SUPERAntiSpyware | Adware.CrossRider/Variant | 9948
Trend Micro House Call | Suspicious_GEN.F47V0407 | 7.2.98

File size:
1.1 MB (1,119,744 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaPlus-3.2cV07.04.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinemaplus-3.2cv07.04\d5dfc0ba-f544-413a-a03f-2959134f2578-1-7.exe

File PE Metadata
Compilation timestamp:
4/6/2015 6:14:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:rVFmeqH6uxLToU3V7vgH77/rbSEWapSxOVTM:rVQXL9VMHiTapSxOVTM

Entry address:
0xA0EB2

Entry point:
E8, CF, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03, 00...

Entropy:
6.5590

Code size:
808.5 KB (827,904 bytes)

Scheduled Task
Task name:
d5dfc0ba-f544-413a-a03f-2959134f2578-1-7

Trigger:
Logon (Runs on logon)
The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

Remove d5dfc0ba-f544-413a-a03f-2959134f2578-1-7.exe - Powered by Reason Core Security