f595d1f2-69e4-4372-a2f7-90663f767dbc-11.exe

HD-V1.9

Evangelion Group

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and delivers advertisements to the web browser in various formats such as banner, text hyperlink, inline text and transitional ads. The application f595d1f2-69e4-4372-a2f7-90663f767dbc-11.exe by Evangelion Group has been detected as adware by 19 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
InfoHD-V1.8 (signed by Evangelion Group)

Product:
HD-V1.9

Description:
HD-V1.9 exe

Version:
1000.1000.1000.1000

MD5:
7dd07a7721014c3b7277d8465ad16b9e

SHA-1:
e0fc583d30ff0f1b69fd74157d845de5b9d683c7

SHA-256:
6fbfe7b1ead73e3e771326f6a06d54321deee97c27709ee660cd6dd11a0633e7

Scanner detections:
19 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
11/23/2024 5:11:00 PM UTC

Scan engine: Detection (Engine version)

Lavasoft Ad-Aware: Gen:Variant.Adware.Kazy.374062 (919)
Avira AntiVirus: ADWARE/CrossRider.Gen2 (7.11.164.232)
avast!: Win32:Adware-gen [Adw] (2014.9-140910)
AVG: Generic (2015.0.3356)
Bitdefender: Gen:Variant.Adware.Kazy.374062 (1.0.20.1055)
Dr.Web: Trojan.Crossrider.27143 (9.0.1.0253)
Emsisoft Anti-Malware: Gen:Variant.Adware.Kazy.374062 (8.14.07.30.01)
ESET NOD32: Win32/Toolbar.CrossRider.AK (variant) (8.10190)
F-Secure: Gen:Variant.Adware.Kazy.374062 (11.2014-30-07_4)
G Data: Gen:Variant.Adware.Kazy.374062 (14.7.24)
IKARUS anti.virus: not-a-virus:WebToolbar.CrossRider (t3scan.1.6.1.0)
Malwarebytes: PUP.Optional.InfoHD.A (v2014.07.30.01)
McAfee: Artemis!AD65B8A94A82 (5600.7012)
MicroWorld eScan: Gen:Variant.Adware.Kazy.374062 (15.0.0.633)
Panda Antivirus: Trj/Genetic.gen (14.07.30.01)
Reason Heuristics: PUP.EvangelionGroup.h (14.8.5.22)
Sophos: Generic PUA CE (4.98)
VIPRE Antivirus: Crossrider (31820)

File size:
1.8 MB (1,935,728 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HD-V1.9.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hd-v1.9\f595d1f2-69e4-4372-a2f7-90663f767dbc-11.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/28/2014 3:00:00 AM

Valid to:
7/29/2015 2:59:59 AM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata
Compilation timestamp:
7/30/2014 1:05:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:bG05nEjxtl0EXN1adtHsa+pSNxT4Uzn+nPRxJ:bHByth91a4EY

Entry address:
0xE7294


Code size:
1.1 MB (1,112,064 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-50-63-202-32.ip.secureserver.net (50.63.202.32:80)
