firefoxuninstaller63311.exe

TheTorntv V10

Naruto Source

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application firefoxuninstaller63311.exe, “TheTorntv V10 exe” by Naruto Source, has been detected as adware by 22 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit; although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory. While running, it connects to the Internet address ip-184-168-221-56.ip.secureserver.net on port 80 using the HTTP protocol. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
esc  (signed by Naruto Source)

Product:
TheTorntv V10

Description:
TheTorntv V10 exe

Version:
1000.1000.1000.1000

MD5:
dca7682102f2759934ce288be2458fde

SHA-1:
2a9736c35209ad8ce1af6955d449ada77d2b0b01

SHA-256:
bda312a7bcaaabb7936619fdc46a9d4135247215d7439b28a56352923b2421a1

Scanner detections:
22 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/23/2024 1:51:48 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.CrossRider | 2014.08.30 |
| Avira AntiVirus | Adware/CrossRider.pl | 7.11.169.248 |
| AVG | Stampede | 2015.0.3352 |
| Baidu Antivirus | Adware.NSIS.Adwapper | 4.0.3.14913 |
| Dr.Web | Trojan.Crossrider.30851 | 9.0.1.0256 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AK (variant) | 8.10310 |
| Fortinet FortiGate | Adware/Adwapper | 9/13/2014 |
| F-Prot | W32/A-222a040e | v6.4.7.1.166 |
| IKARUS anti.virus | AdWare.Adload | t3scan.1.7.5.0 |
| K7 AntiVirus | Riskware | 13.183.13257 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3257 |
| Malwarebytes | PUP.Optional.HighHD.A | v2014.09.13.12 |
| McAfee | Artemis!F23B90751481 | 5600.7008 |
| NANO AntiVirus | Trojan.Win32.GoogUpdate.degcmv | 0.28.2.61861 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.13.12 |
| Qihoo 360 Security | Win32/Virus.Adware.960 | 1.0.0.1015 |
| Reason Heuristics | PUP.NarutoSource.X | 14.9.13.12 |
| Sophos | Generic PUA CK | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0826 | 7.2.256 |
| VIPRE Antivirus | Crossrider | 32526 |
| Zillya! Antivirus | Trojan.GoogUpdate.Win32.1169 | 2.0.0.1911 |

File size:
1.4 MB (1,418,088 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
TheTorntv V10.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\firefoxuninstaller63311.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/28/2014 3:00:00 AM

Valid to:
7/29/2015 2:59:59 AM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
8/24/2014 1:04:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:kDh+vzyXu66zIxN8YwAmVVxxw2uEbYfXsaHqvWbAWpVpSobTX+:kI2u3a8YwAcV3XuVfX+YAWpVpSobTX+

Entry address:
0xDEE60

Entry point:
E8, 62, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 95, 01, 01, 00, 3B, 30, 7C, 07, E8, 8C, 01, 01, 00, 8B, 30, E8, 7F, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, D4, 5E, 00, 00, 8B, F0, 85, F6, 75, 07, B8, D0, A9, 53, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7E, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, D0, A9, 53, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, DE, ED...
 

Code size:
1 MB (1,052,160 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-184-168-221-56.ip.secureserver.net  (184.168.221.56:80)
