empire.state.2014.bdrip.xvid-rovers-hebsub-.avi.exe

The file empire.state.2014.bdrip.xvid-rovers-hebsub-.avi.exe is flagged as a potentially unwanted program by 8 of the 68 anti-malware scanners used. It is a setup program that installs the application, built on the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. Its name mimics a video file (a ".avi" double extension on a Win32 executable), which is a common lure to get a user to run an installer. The file has been seen downloaded from bestorms.info and multiple other hosts.
MD5:
4000258fdd8cc2eb83b9d61a0bdba07f

SHA-1:
955466043a0f4c1567c3cfbca8d1efc77c364f5c

SHA-256:
d7888d4a389f2900185c1ffbb1db024a3135bd8b6068709666c381c7aa9c66ca

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
1/13/2025 7:42:23 AM UTC

Scan engine              Detection                                   Engine version
avast!                   Win32:Agent-AYLT [PUP]                      160518-2
AVG                      Adware Generic_r.VD                         2015.0.4604
Dr.Web                   Trojan.Crossrider.36840                     9.0.1.05190
Emsisoft Anti-Malware    Gen:Variant.Adware.MPlug.16                 16.07.11
ESET NOD32               Win32/AdWare.MultiPlug.CT application       8.0.319.0
Kaspersky                not-a-virus:HEUR:AdWare.Win32.MultiPlug     15.0.0.562
Norman                   Gen:Variant.Adware.MPlug.16                 19.05.2016 01:04:49
VIPRE Antivirus          Threat.5180739                              50536

File size:
873 KB (893,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\empire.state.2014.bdrip.xvid-rovers-hebsub-.avi.exe

File PE Metadata
Compilation timestamp:
5/15/2013 8:20:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:UZ5GhQB7UhnfCbsa3keLvXIhkRW+lvrfGmTc2:25NB7Uu3JrXfkwvrf22

Entry address:
0x3D986

Entry point:
E8, 78, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, B5, 44, 00, E8, E4, 0F, 00, 00, E8, 45, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 0B, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D6, 08, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.7001  (probably packed)

Code size:
279 KB (285,696 bytes)
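The metadata block above is what a triage script reads straight out of the PE headers: the three hashes identify the file, whole-file entropy above roughly 7 bits per byte is the usual "probably packed" heuristic, and the compilation timestamp, linker version, required OS version, subsystem and entry-point RVA all live in the COFF and optional headers. The entry-point dump also starts with E8 (CALL rel32), followed by code that compares the word at 0x400000 with "MZ" and the dword at the e_lfanew offset with "PE". The following Python is an added example, not code from the report or from Crossrider. It parses a minimal PE32 image constructed in memory (build_sample_pe, a hypothetical sample whose fields are set to the values the report shows), not the actual file; the only data copied from the report is the first part of the entry-point byte dump, and the 7.0 entropy cut-off is an assumed rule of thumb.

```python
"""Triage helpers for a Win32 PE sample: hashes, entropy and header fields.

Added example, not code from the original report or from Crossrider. The PE
parsed below is a minimal image constructed in memory (build_sample_pe), not
the file the report describes; only the entry-point byte dump is copied from
the report.
"""
import datetime
import hashlib
import math
import re
import struct

PACKED_ENTROPY_THRESHOLD = 7.0   # bits/byte; assumed heuristic, not a standard
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}

# First bytes at the entry point, as listed in the report (it is truncated there with "...").
ENTRY_DUMP = "E8, 78, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, B5, 44, 00, E8..."


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a buffer as lower-case hex: the three IDs the report lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, from 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def probably_packed(data: bytes) -> bool:
    """Same rule of thumb the report applies: high whole-file entropy suggests packing or encryption."""
    return shannon_entropy(data) > PACKED_ENTROPY_THRESHOLD


def pe_summary(data: bytes) -> dict:
    """Read the DOS, COFF and PE32 optional-header fields shown in the report's metadata block."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, _nsec, stamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                      # COFF file header is 20 bytes
    magic, lnk_major, lnk_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)   # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]          # Subsystem
    compiled = datetime.datetime.fromtimestamp(stamp, datetime.timezone.utc)
    return {
        "machine": f"0x{machine:04X}",
        "compiled": compiled.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "entry_rva": entry_rva,
        "code_size": code_size,
    }


def parse_byte_dump(text: str) -> bytes:
    """Turn a report-style 'E8, 78, 48, ...' dump into bytes, ignoring the trailing '...'."""
    return bytes(int(t, 16) for t in re.findall(r"\b[0-9A-Fa-f]{2}\b", text))


def call_target(entry_rva: int, code: bytes):
    """If the first instruction is CALL rel32 (opcode E8), return the RVA it calls, else None."""
    if len(code) < 5 or code[0] != 0xE8:
        return None
    rel = struct.unpack_from("<i", code, 1)[0]
    return entry_rva + 5 + rel           # rel32 is relative to the instruction after the CALL


def build_sample_pe(timestamp: int, entry_rva: int, body: bytes) -> bytes:
    """Constructed minimal PE32 image used as sample input; fields mirror the report's values."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 1, timestamp, 0, 0, 224, 0x0102)  # i386, 32-bit EXE
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 11, 0, len(body))   # PE32 magic, linker 11.0
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 28, 0x00400000)                  # ImageBase
    struct.pack_into("<HH", opt, 40, 5, 1)                       # required OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                           # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body


if __name__ == "__main__":
    sample = build_sample_pe(1368649210, 0x3D986, bytes(range(256)) * 8)
    print(file_hashes(sample))
    print(f"entropy={shannon_entropy(sample):.4f} packed={probably_packed(sample)}")
    print(pe_summary(sample))
    print(hex(call_target(0x3D986, parse_byte_dump(ENTRY_DUMP))))
```

Run against a real sample by replacing the constructed image with `open(path, "rb").read()`; the parser deliberately stops at PE32 and raises on anything else, so a PE32+ (64-bit) file is reported rather than misread. The entropy figure is for the whole file, which is what the report's value is, so a small packed overlay inside a large plain binary will not trip the threshold.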

The file empire.state.2014.bdrip.xvid-rovers-hebsub-.avi.exe has been observed being served from the following 2 URLs.

http://bestorms.info/a851c13f51b58102177c40a33f3e887f/Gadol/dl.php?id=1415308646420206363&r=http://bestorican.net/v3925/.../?q=7+hCWok1j50VpefABCVe/Nzgsu7S3V9HUcQHRUzPKdq6T503jUYgwVVxwUCYCwUcrdgc4TtV69kzGHDwSNkC39Qu2RxjMKNoTsuT5nwRSoUAukTtAdPaySPMObfDYdpd0hvvVv0ZKIlP7lZTer939CgnPdcV9MWen16cCWlfb7DhxAZFRjDwcCHLgDXLj9Qs+a1KoZrhcSyAm74aIM32bKDuzO+tI5/04n3UsDao94xvLwimkAqfD+RXOsynHhg4tmUPMD/TqX9l5cBiCqHm74aZM8h3989VrjVnV5eiGFuUNXlGVKa/ZTqiI2+w7x0S3zGy1nJGw+a5CPj3tsZorEAZqR9mV94MX5J7&__rnd=fc6c761cb547198feeb44f60bed76675