highd-v1.8-codedownloader.exe

HighD-V1.8

Motoko Group

This adware utilizes the Crossrider extension platform and will inject advertisements into the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The application highd-v1.8-codedownloader.exe by Motoko Group has been detected as adware by 24 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. Built using the Crossrider web browser toolkit, the CodeDownloader component will automatically connect to the remote API server and download additional code/components for the HighD extension/toolbar. The component makes a number of requests to the host app-static.crossrider.com/plugins/.../monetization/monetizationLoader.js. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
HighD  (signed by Motoko Group)

Product:
HighD-V1.8

Description:
HighD-V1.8 exe

Version:
1000.1000.1000.1000

MD5:
62bef726e52a7aaf42192824411ea248

SHA-1:
794504c04addb7a6f5de3fdd9ecca151bf5c0f34

SHA-256:
cb240800ee9c79c94124f5fcfb362cd6afbc40afd405951ad1a81e7329abba71

Scanner detections:
24 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Motoko Group.

Analysis date:
11/25/2024 9:03:58 PM UTC

Scan engine              Detection                                 Engine version
Lavasoft Ad-Aware        Gen:Variant.Adware.Kazy.374109            903
Avira AntiVirus          ADWARE/CrossRider.Gen2                    7.11.166.28
AVG                      Generic                                   2015.0.3381
Baidu Antivirus          Trojan.Win32.GoogUpdate                   4.0.3.14815
Bitdefender              Gen:Variant.Adware.Kazy.374109            1.0.20.1135
Comodo Security          ApplicUnwnt                               19128
Emsisoft Anti-Malware    Gen:Variant.Adware.Kazy.374109            8.14.08.15.06
ESET NOD32               Win32/Toolbar.CrossRider.AJ (variant)     8.10226
Fortinet FortiGate       Riskware/Toolbar_CrossRider               8/15/2014
F-Secure                 Gen:Variant.Adware.Kazy.374109            11.2014-15-08_6
G Data                   Gen:Variant.Adware.Kazy.374109            14.8.24
IKARUS anti.virus        not-a-virus:WebToolbar.CrossRider         t3scan.1.6.1.0
K7 AntiVirus             Trojan                                    13.183.12998
Kaspersky                Trojan.NSIS.GoogUpdate                    14.0.0.3401
Malwarebytes             PUP.Optional.HighD.A                      v2014.08.15.06
McAfee                   Artemis!62BEF726E52A                      5600.7037
MicroWorld eScan         Gen:Variant.Adware.Kazy.374109            15.0.0.681
NANO AntiVirus           Riskware.Win32.CrossRider.ddlvdl          0.28.2.61349
Panda Antivirus          Trj/Genetic.gen                           14.08.15.06
Reason Heuristics        PUP.Crossrider.MotokoGroup.Y              14.8.15.18
Sophos                   Generic PUA HJ                            4.98
Trend Micro House Call   Suspicious_GEN.F47V0726                   7.2.227
Vba32 AntiVirus          Trojan.GoogUpdate                         3.12.26.3
VIPRE Antivirus          Crossrider                                32050

File size:
545.9 KB (558,952 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HighD-V1.8.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\highd-v1.8\highd-v1.8-codedownloader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 7:00:00 PM

Valid to:
7/18/2015 6:59:59 PM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
7/22/2014 5:04:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:tkaiwLATVmMOaSxnpoNjtkTdoIB5jrNnaMTDNKZuqWe1V2InXpTBjjUFW:t1L6waShpo1tkaMlfTDI4g1IIXpT1j3

Entry address:
0x48183

Entry point:
E8, B0, DD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75, F4...

Code size:
429 KB (439,296 bytes)

Scheduled Task
Task name:
86c38824-1606-49fc-be50-71cbfd4aabe1-1

Trigger:
Logon (Runs on logon)

Action:
highd-v1.8-codedownloader.exe \fwscc \elmyu=task \fxyintq='highd-v1.8' \fhawjde=


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.83.9:80)

Remove highd-v1.8-codedownloader.exe - Powered by Reason Core Security