» plugin.exe
Overview
Analysis
File Details
Downloads (1)

plugin.exe

Liajcjrj

Jveqrtzijjwtyp

The application plugin.exe has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from softs.illyx.com.

File name:

plugin.exe

Publisher:

Jveqrtzijjwtyp

Product:

Liajcjrj

Description:

Vytveoxkt

Version:

1.0.0.0

MD5:

2bb2f3f0f578db933acb42a4d309b137

SHA-1:

3afe70660a39419229fde18854aff1a06563d4eb

SHA-256:

12d633a9f163bdc84cf18c2776dda879845131da0de68ed4810616cd80a908bd

Scanner detections:

7 / 68

Status:

Adware

Explanation:

This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:

11/5/2024 2:34:06 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.ScrambleWrapper

7.1.1

Dr.Web

infected with Trojan.Crossrider.20

9.0.1.05190

ESET NOD32

Win32/Packed.ScrambleWrapper.G potentially unwanted application

7.0.302.0

Kaspersky

not-a-virus:HEUR:AdWare.NSIS.Adwapper

15.0.0.463

Malwarebytes

PUP.Optional.Bundler

v2014.04.19.11

NANO AntiVirus

Trojan.Win32.Generic.cthmre

0.28.0.59048

Trend Micro House Call

TROJ_GEN.F47V0112

7.2.109

File size:

5.5 MB (5,742,690 bytes)

Osfuwq

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\plugin.exe

File PE Metadata

Compilation timestamp:

2/19/2012 4:01:49 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

98304:/ShFMOQVXncPcoZYULC1bsIBHSZ626YQJ1M6wzEjMMfcdCiTD3hFpgjO9m:WG4YU21bQ6CQrjMMfGRFpgK9m

Entry address:

0x4327

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Code size:

34.5 KB (35,328 bytes)

The file plugin.exe has been seen being distributed by the following URL.

http://softs.illyx.com/setup/dl.php?l=ressources/commun/fr/.../illyx&telecharger=pricora-FR

Remove plugin.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.