f27fc1a6-55a5-462d-aaea-0b55c38f8068-7.exe

Cinem Plus 2.4cV23.09

Digit Network (Extreme White Limited)

The application f27fc1a6-55a5-462d-aaea-0b55c38f8068-7.exe, “Cinem Plus 2.4cV23.09 exe” by Digit Network (Extreme White Limited) has been detected as adware by 22 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Cinema Plus ProV23.09  (signed by Digit Network (Extreme White Limited))

Product:
Cinem Plus 2.4cV23.09

Description:
Cinem Plus 2.4cV23.09 exe

Version:
1000.1000.1000.1000

MD5:
d84b256785cd8fa5cde78d335ba20391

SHA-1:
ce420637bb954e6d08966b4c6c6c77c309028d24

SHA-256:
4450064165994e5fd3f9a5246b6e9568f45e1befcf44f391296d9ffd312c2e9f

Scanner detections:
22 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/25/2024 9:00:56 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.ev1@mKvE9wiO
498

AhnLab V3 Security
PUP/Win32.CrossRider
2015.09.24

Arcabit
PUP.WebToolbar.CrossRider.eai
1.0.0.567

AVG
Generic_r
2016.0.2976

Bitdefender
Gen:Application.Heur.ev1@mKvE9wiO
1.0.20.1340

Bkav FE
W32.HfsAdware
1.3.0.7237

Comodo Security
Application.Win32.CrossRider.CK
23290

Dr.Web
Trojan.Crossrider1.42770
9.0.1.0268

ESET NOD32
Win32/Toolbar.CrossRider.CD potentially unwanted (variant)
9.12296

F-Secure
Gen:Application.Heur.ev1@mKvE9wiO
11.2015-25-09_6

G Data
Gen:Application.Heur.ev1@mKvE9wiO
15.9.25

K7 AntiVirus
Unwanted-Program
13.210.17312

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
14.0.0.1373

Malwarebytes
PUP.Optional.CrossRider
v2015.09.25.10

MicroWorld eScan
Gen:Application.Heur.ev1@mKvE9wiO
16.0.0.804

NANO AntiVirus
Trojan.Win32.Agent.dvtooz
0.30.26.3725

Panda Antivirus
Trj/Genetic.gen
15.09.25.10

Qihoo 360 Security
Win32/Application.ad1
1.0.0.1015

Reason Heuristics
Adware.Crossrider.ExtremeWhite (M)
15.9.25.10

Rising Antivirus
PE:PUF.CrossRider!1.A157[F1]
23.00.65.15923

SUPERAntiSpyware
Adware.CrossRider/Variant
9608

VIPRE Antivirus
Crossrider
44006

File size:
1.1 MB (1,127,504 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Cinem Plus 2.4cV23.09.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinem plus 2.4cv23.09\f27fc1a6-55a5-462d-aaea-0b55c38f8068-7.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/15/2015 7:00:00 AM

Valid to:
4/15/2016 6:59:59 AM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
9/23/2015 8:04:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:0iv7HdM/6xhlM+L/aDnzBtImM3F4RhC8eEdThTBmePBLM7pS4bqpTSpBa3:0c9M/6xhlM+Jmc6C8eExrvLM7pS4CTk2

Entry address:
0x9E65B

Entry point:
E8, D6, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B...
 
[+]

Entropy:
6.5363

Code size:
790.5 KB (809,472 bytes)

Scheduled Task
Task name:
f27fc1a6-55a5-462d-aaea-0b55c38f8068-7

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.40.9:80)

TCP (HTTP):
Connects to ip-184-168-221-50.ip.secureserver.net  (184.168.221.50:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

Remove f27fc1a6-55a5-462d-aaea-0b55c38f8068-7.exe - Powered by Reason Core Security