file.exe

The application file.exe has been detected as a potentially unwanted program by 25 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from bookchi.in and multiple other hosts.

MD5:
a23a4d0b666928e38230651ffd2a7993

SHA-1:
dd184254e3e199241fdc8b0763357e9f70fd4c12

SHA-256:
56a45f851e77ca942833443d8d2c7efaf1d6e780788e1f8a1a1546453dfa01c9

Scanner detections:
25 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/24/2024 12:50:53 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.OZM | 6205011 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2014.12.20 |
| Avira AntiVirus | ADWARE/MultiPlug.Gen7 | 7.11.196.230 |
| avast! | Win32:MultiPlug-JU [PUP] | 141214-1 |
| AVG | Adware Generic_r.VD | 2014.0.4235 |
| Bitdefender | Adware.Agent.OZM | 1.0.20.1770 |
| Comodo Security | Application.Win32.Multiplug.CT | 20419 |
| Dr.Web | Trojan.Crossrider.37839 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Agent.OZM | 9.0.0.4668 |
| ESET NOD32 | Win32/AdWare.MultiPlug.CT application | 7.0.302.0 |
| Fortinet FortiGate | Adware/MultiPlug | 12/20/2014 |
| F-Prot | W32/MultiPlug.F.gen | v6.4.7.1.166 |
| F-Secure | Adware.Agent.OZM | 5.13.68 |
| G Data | Adware.Agent.OZM | 14.12.24 |
| K7 AntiVirus | Unwanted-Program | 13.188.14395 |
| Kaspersky | not-a-virus:AdWare.Win32.MultiPlug | 15.0.0.543 |
| Malwarebytes | PUP.Optional.MultiPlug | v2014.12.20.12 |
| McAfee | Program.MultiPlug-FRO | 16.8.708.2 |
| MicroWorld eScan | Adware.Agent.OZM | 15.0.0.1062 |
| NANO AntiVirus | Riskware.Win32.MultiPlug.dfjscb | 0.28.6.64267 |
| Norman | Adware.Agent.OZM | 04.12.2014 14:30:06 |
| nProtect | Adware.Agent.OZM | 14.12.19.01 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.09 |
| Vba32 AntiVirus | SScope.Adware.MultiPlug | 3.12.26.3 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.52509 | 2.0.0.2010 |

File size:
873.5 KB (894,464 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\file.exe

File PE Metadata
Compilation timestamp:
3/30/2013 6:27:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:t+da0P9qqLoFKwweq0d1R9PqljMJ1puWU7:tea0PMqMdq0d9qmBu97

Entry address:
0x3DCA6

Entry point:
E8, 78, 48, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, B5, 44, 00, E8, E4, 0F, 00, 00, E8, 45, 4A, 00, 00, 0F, B7, F0, 6A, 02, E8, 0B, 48, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, D6, 08, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
279.5 KB (286,208 bytes)

The file file.exe has been seen being distributed by the following 3 URLs.
