plugin.exe

Liajcjrj

Jveqrtzijjwtyp

The application plugin.exe has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory. The file has been observed being downloaded from softs.illyx.com.
Publisher:
Jveqrtzijjwtyp

Product:
Liajcjrj

Description:
Vytveoxkt

Version:
1.0.0.0

MD5:
2bb2f3f0f578db933acb42a4d309b137

SHA-1:
3afe70660a39419229fde18854aff1a06563d4eb

SHA-256:
12d633a9f163bdc84cf18c2776dda879845131da0de68ed4810616cd80a908bd

Scanner detections:
7 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework, which may modify the user's web browser settings, including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/5/2024 2:34:06 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.ScrambleWrapper | 7.1.1
Dr.Web | infected with Trojan.Crossrider.20 | 9.0.1.05190
ESET NOD32 | Win32/Packed.ScrambleWrapper.G potentially unwanted application | 7.0.302.0
Kaspersky | not-a-virus:HEUR:AdWare.NSIS.Adwapper | 15.0.0.463
Malwarebytes | PUP.Optional.Bundler | v2014.04.19.11
NANO AntiVirus | Trojan.Win32.Generic.cthmre | 0.28.0.59048
Trend Micro House Call | TROJ_GEN.F47V0112 | 7.2.109

File size:
5.5 MB (5,742,690 bytes)

Copyright:
Osfuwq

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\plugin.exe

File PE Metadata
Compilation timestamp:
2/19/2012 4:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:/ShFMOQVXncPcoZYULC1bsIBHSZ626YQJ1M6wzEjMMfcdCiTD3hFpgjO9m:WG4YU21bQ6CQrjMMfGRFpgK9m

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...

Code size:
34.5 KB (35,328 bytes)

The file plugin.exe has been seen being distributed by the following URL.
