dfyhyug.exe

CineDPV2V16.09

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisments on web pages not affiliated by the extension or company. These unwanted advertisements are injected by the extension in the browser in the form of common ad types such as banners and text-links. The application dfyhyug.exe, “CineDPV2V16.09 exe” by Robokid Technologies has been detected as adware by 17 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
CineDPV16.09  (signed by Robokid Technologies)

Product:
CineDPV2V16.09

Description:
CineDPV2V16.09 exe

Version:
1000.1000.1000.1000

MD5:
bd54c5001fc45ceeb00fc93080826ca5

SHA-1:
92fdb11e5d53b4a1367194bf06121d029bc55dd6

SHA-256:
f539789935aa72be43d5a709ef45f95a89aead0b17bd4cde78f45f5bb3fb62da

Scanner detections:
17 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/26/2024 4:06:31 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.CrossRider
2014.09.19

Avira AntiVirus
ADWARE/CrossRider.Gen7
7.11.173.60

AVG
Generic
2015.0.3349

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.14917

Dr.Web
Trojan.Crossrider.31451
9.0.1.0267

ESET NOD32
Win32/Toolbar.CrossRider.AQ potentially unwanted application
8.7.0.302.0

G Data
Win32.Adware.Crossrider
14.9.24

K7 AntiVirus
Adware
13.183.13393

Kaspersky
not-a-virus:AdWare.NSIS.Adwapper
14.0.0.3203

Malwarebytes
PUP.Optional.TornTV.A
v2014.09.24.09

McAfee
Artemis!38CB07508EFE
5600.6941

NANO AntiVirus
Riskware.Win32.Crossrider.dffcko
0.28.2.62151

Panda Antivirus
Trj/Genetic.gen
14.09.17.05

Reason Heuristics
PUP.RobokidTechnologies.H
14.9.17.3

Sophos
Generic PUA PE
4.98

VIPRE Antivirus
Threat.4789396
32938

File size:
1.5 MB (1,521,688 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CineDPV2V16.09.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\dfyhyug.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/23/2014 1:00:00 AM

Valid to:
6/24/2015 12:59:59 AM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
9/16/2014 11:10:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:d3fj4lmuG9l8mayxZbfeexxjOto4L3IZsb6tDfwjyMLAepSi354THL4+:62z1bbme3UouLb6tWLAepSi3CTU+

Entry address:
0xEE830

Entry point:
E8, B9, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, EC, 01, 01, 00, 3B, 30, 7C, 07, E8, E3, 01, 01, 00, 8B, 30, E8, D6, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 34, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, E0, 40, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7E, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, E0, 40, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 35, EE...
 
[+]

Entropy:
6.6121

Code size:
1.1 MB (1,147,392 bytes)

Remove dfyhyug.exe - Powered by Reason Core Security