disco_games_notification_service.exe

The application disco_games_notification_service.exe (“FileProperties_FileDescription”) has been detected as a potentially unwanted program by 21 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
FileProperties_CompanyName

Product:
FileProperties_ProductName

Description:
FileProperties_FileDescription

Version:
1000.1000.1000.1000

MD5:
7016a5d74459577060366f7d1e44f495

SHA-1:
5571735939c37694399991815d6da64f953b12b9

SHA-256:
6956b70b5a27e9bd1b8d0cd07e41f32c2cad1dbf4d623da866abd9bab6eb2317

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/22/2024 9:51:38 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.171733 | 674 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.04.02 |
| avast! | Win32:Adware-CMH [PUP] | 2014.9-150401 |
| AVG | Adware Generic6 | 2016.0.3057 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.1541 |
| Bitdefender | Gen:Variant.Adware.Graftor.171733 | 1.0.20.455 |
| Bkav FE | W32.CrossRiderV.Adware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Crossrider-2051 | 0.98/23207 |
| Dr.Web | Trojan.Crossrider1.24381 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.10000 | 11.5.0.6191 |
| ESET NOD32 | Win32/Toolbar.CrossRider.CD potentially unwanted application | 6.3.12010.0 |
| F-Secure | Variant.Adware.Mikey | 5.16.24 |
| G Data | Gen:Variant.Adware.Graftor.171733 | 15.4.25 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 15.0.2.529 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.171733 | 16.0.0.273 |
| Norman | Gen:Variant.Adware.Mikey.10000 | 02.04.2016 17:35:19 |
| Reason Heuristics | PUP.CrossRider (M) | 16.4.15.23 |
| Sophos | PUA 'AppRider' (of type Adware) | 5.14 |
| SUPERAntiSpyware | Adware.CrossRider/Variant | 9962 |
| VIPRE Antivirus | Threat.4150696 | 48434 |

File size:
1.4 MB (1,417,216 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
FileProperties_OriginalFilename.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\disco games\disco_games_notification_service.exe

File PE Metadata
Compilation timestamp:
3/30/2015 1:05:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:QaAj3rxvQZmqA+5nbUhx+c1qlIcD/2mK/duIyNSTOpS4/AnelEH3DV9qr97:PAj6SjalB/JFNSTOpS44nelE3DV9E97

Entry address:
0xC0B4D

Entry point:
E8, 29, FE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, D9, 53, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, A1, 53, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, D9, 53, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...
 
Entropy:
6.4743

Code size:
951.5 KB (974,336 bytes)

Scheduled Task
Task name:
disco_games_notification_service

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-50-63-202-62.ip.secureserver.net  (50.63.202.62:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.64.90:80)

TCP (HTTP):
Connects to ec2-23-21-185-158.compute-1.amazonaws.com  (23.21.185.158:80)
