hacdgbyj.exe

Movie Master

Green Fire Software

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The application hacdgbyj.exe by Green Fire Software has been detected as adware by 6 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Green Fire Software  (signed and verified)

Product:
Movie Master

Description:
MovieMaster

Version:
1.0.0.0

MD5:
e65f6a214a41722f1141db403620eb84

SHA-1:
6a141e5a3185de3963938d47da177a9067ce26c7

SHA-256:
00fddc06deb80f921aa95496447aa3da496781bf81c4846f13d97593d74cd11c

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
11/27/2024 4:24:53 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Potentially harmful program Downloader.BSH
2014.0.4040

Baidu Antivirus
Adware.MSIL.PullUpdate
4.0.3.141015

ESET NOD32
probably MSIL/Adware.PullUpdate.E application
7.0.302.0

Malwarebytes
PUP.Optional.MovieMaster.A
v2014.10.15.12

Reason Heuristics
PUP.GreenFireSoftware.I
14.10.14.23

VIPRE Antivirus
Threat.4784449
33706

File size:
48.8 KB (49,984 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Green Fire Software 2014

Original file name:
MovieMaster.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\application data\vrgnrgzu\dat\hacdgbyj.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/6/2014 8:00:00 PM

Valid to:
11/6/2015 6:59:59 PM

Subject:
CN=Green Fire Software, O=Green Fire Software, L=La Jolla, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3DC7DF3234B2F2032E1A66D739CE9E0C

File PE Metadata
Compilation timestamp:
10/1/2014 9:29:16 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:dCXUyyz6zY+RsXv9imVrh/gHkO3AREJfCkn15vpj9f7j0+pnx4et:D+fY9iCrh/gHkIoEUknDvpjxj0+pnCet

Entry address:
0xBF6E

Entry point:
48, A1, 00, 20, 00, 40, 00, 00, 00, 00, FF, E0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.6450

Code size:
40 KB (40,960 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-50-112-218-190.us-west-2.compute.amazonaws.com  (50.112.218.190:80)

Remove hacdgbyj.exe - Powered by Reason Core Security