hib10.exe

am2203

The application hib10.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. It is a setup program used to install the application, and it is built with the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been observed being downloaded from d2k54omj9vnmc1.cloudfront.net and multiple other hosts.

Product: am2203
Description: am2403
Version: 3.0.2.4
MD5: d60225d47d4b535a24ce7962c32c299e
SHA-1: 34fef9c46f48f7c40570ef0c5ac177dae8f3386e
SHA-256: 7ccf8a2d87681141393458969f126920b6be1ab7d377fd60ca54c34846228b52
Scanner detections: 17 / 68
Status: Potentially unwanted
Explanation: The software may change the browser's home page and search provider settings as well as display advertisements.
Analysis date: 11/24/2024 9:33:23 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Razy.18672 | 316 |
| AhnLab V3 Security | PUP/Win32.OfferInstaller | 2016.03.25 |
| Avira AntiVirus | TR/Dropper.MSIL.Gen | 8.3.3.4 |
| Arcabit | Trojan.Razy.D48F0 | 1.0.0.662 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-160324 |
| Bitdefender | Gen:Variant.Razy.18672 | 1.0.20.420 |
| Dr.Web | Trojan.Crossrider1.57003 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.18672 | 8.16.03.24.08 |
| ESET NOD32 | MSIL/Adware.Imali.C application | 8.0.319.0 |
| F-Secure | Variant.Razy.18672 | 5.15.21 |
| G Data | Gen:Variant.Razy.18672 | 16.3.25 |
| IKARUS anti.virus | AdWare.MSIL.Imali | t3scan.2.0.9.0 |
| MicroWorld eScan | Gen:Variant.Razy.18672 | 17.0.0.252 |
| Norman | Gen:Variant.Razy.18672 | 29.02.2016 03:11:57 |
| Panda Antivirus | Trj/GdSda.A | 16.03.24.08 |
| Qihoo 360 Security | HEUR/QVM03.0.0000.Malware.Gen | 1.0.0.1120 |
| Trend Micro House Call | HT_IMALI_FB250001.UVPM | 7.2.84 |

File size: 313.5 KB (321,024 bytes)
Product version: 3.0.2.4
Copyright: Copyright © 2016
Original file name: SilentInstaller_dotnet2.exe
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\Documents and Settings\{user}\Local settings\temp\hib10.exe

File PE Metadata

Compilation timestamp: 3/24/2016 7:54:32 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 8.0
.NET CLR dependent: Yes
CTPH (ssdeep): 6144:CFZT8qbTR7SquD4L8vioH/X8i9DLnHWcefjVo8bS5ViiTFbL:WZwgVxGq86oH/MKvnolgD/
Entry address: 0x4F24E

Entropy: 7.8796
Developed / compiled with: Microsoft Visual C# / Basic .NET
Code size: 309 KB (316,416 bytes)

The file hib10.exe has been seen being distributed by the following 2 URLs.
