ee513a64-3d36-4736-a294-f5f86c20414a-7.exe

App Lid

Lid

The application ee513a64-3d36-4736-a294-f5f86c20414a-7.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Lid

Product:
App Lid

Description:
App Lid exe

Version:
1000.1000.1000.1000

MD5:
902dd85743d3516cde953d8a44ceb8d5

SHA-1:
cb10dfc4f466a99de12b64589d2d7baa553ed2d2

SHA-256:
d97dd1cacd9f029c5fbc579359c141105bc0c964d0f3171c8ea3cc36ee7abdf5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/24/2024 1:42:19 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider.Lid (M)

Engine version:
16.1.13.21

File size:
1.1 MB (1,138,688 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
App Lid.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\app lid\ee513a64-3d36-4736-a294-f5f86c20414a-7.exe

File PE Metadata
Compilation timestamp:
3/12/2015 12:04:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:CdTnls/tvHbOxyWcd7sdwN7RESlPWS0sljqpS3nRTq:ChYteCd7TN70ojqpS3nRTq

Entry address:
0xA2692

Entry point:
E8, C5, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B, 5E, 5F, C3, F7, C7, 03, 00...

Code size:
825.5 KB (845,312 bytes)

Scheduled Task
Task name:
ee513a64-3d36-4736-a294-f5f86c20414a-7

Trigger:
Logon (Runs on logon)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net (69.16.175.42:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com (54.231.120.161:80)

Powered by Reason Core Security