hosts-codedownloader.exe

hosts

Irismedia

The application hosts-codedownloader.exe has been detected as adware by 26 anti-malware scanners. This file is typically installed with the program hosts by Irismedia which is a potentially unwanted software program. Built using the Crossrider web brower toolkit the CodeDownloader component will automatically connnect to the remote API server and download additional code/components for Irismedia extension/toolbar. The component makes a number of requests to the host app-static.crossrider.com/plugins/.../monetization/monetizationLoader.js.
Publisher:
Irismedia

Product:
hosts

Description:
hosts exe

Version:
1000.1000.1000.1000

MD5:
533e65cb34a7327033e68cc4a15b744f

SHA-1:
04076be368d8ad1575e6cec539fc18bb1f1d798c

SHA-256:
fd0d806c663f3c6609c50f4882cef11ae78b30ddd2f01adb3458a9c525eac5bb

Scanner detections:
26 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/26/2024 10:07:34 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.Du0@k4LAm@dO
769

Avira AntiVirus
ADWARE/CrossRider.Gen2
7.11.196.80

avast!
Win32:Crossrider-AI [PUP]
2014.9-141227

AVG
Generic_r
2015.0.3247

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.141227

Bitdefender
Gen:Application.Heur.Du0@k4LAm@dO
1.0.20.1805

Clam AntiVirus
Win.Adware.Plush-32
0.98/21511

Dr.Web
Trojan.Crossrider.19
9.0.1.0361

ESET NOD32
Win32/Toolbar.CrossRider (variant)
8.10889

F-Prot
W32/A-eb9ef301
v6.4.7.1.166

F-Secure
Gen:Application.Heur.Du0@k4LAm@dO
11.2014-27-12_7

G Data
Gen:Application.Heur.Du0@k4LAm@dO
14.12.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.5.0

Malwarebytes
PUP.Optional.Hosts.A
v2014.12.27.09

McAfee
Artemis!533E65CB34A7
5600.6903

MicroWorld eScan
Gen:Application.Heur.Du0@k4LAm@dO
15.0.0.1083

NANO AntiVirus
Trojan.Win32.Crossrider.csbfcl
0.28.6.64267

Reason Heuristics
PUP.Crossrider.Irismedia.U
14.12.27.21

Sophos
AppRider
4.98

Trend Micro House Call
TROJ_GEN.R0CBC0OI114
7.2.361

Trend Micro
TROJ_GEN.R0CBC0OI114
10.465.27

VIPRE Antivirus
Crossrider
35802

Zillya! Antivirus
Adware.CroRi.Win32.411
2.0.0.2007

File size:
476 KB (487,424 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
hosts.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hosts\hosts-codedownloader.exe

File PE Metadata
Compilation timestamp:
8/12/2013 7:43:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:cNTaAM0saTRAQltE+8TXFlSNNkoqcVzusljYmJtrqGGvPQgXXLhTDAcBwypTv:cNT141ztFTXqOTv

Entry address:
0x45249

Entry point:
E8, FA, B4, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB...
 
[+]

Entropy:
6.5027

Code size:
382 KB (391,168 bytes)

The file hosts-codedownloader.exe has been discovered within the following program.

hosts  by Irismedia
This is an unwanted web browser extension that delivers search hijacking as well as contextual advertising within a user's web browser. The program does this by modifying the user's home and search pages in order to monetize search activities.
79% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to vip011.ssl.hwcdn.net  (205.185.208.11:443)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.112.114:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to a23-67-250-136.deploy.static.akamaitechnologies.com  (23.67.250.136:80)

TCP (HTTP):
Connects to a23-67-250-106.deploy.static.akamaitechnologies.com  (23.67.250.106:80)

TCP (HTTP):
Connects to a1plpkivs-v03.any.prod.ash1.secureserver.net  (72.167.239.239:80)

TCP (HTTP):
Connects to a184-26-44-105.deploy.static.akamaitechnologies.com  (184.26.44.105:80)

Remove hosts-codedownloader.exe - Powered by Reason Core Security