plus-hd-8.1-bg.exe

Plus-HD-8.1

Plus HD

The application plus-hd-8.1-bg.exe has been detected as adware by 4 anti-malware scanners. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the extensions installed in the user's browser, including installation, updates and remote code downloads. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
Plus HD

Product:
Plus-HD-8.1

Description:
Plus-HD-8.1 exe

Version:
1000.1000.1000.1000

MD5:
6f7259b9331b95138e1ae7444189bd91

SHA-1:
de7cc769ed24606c67e0921a7a13f41c7c226cc2

SHA-256:
f8a8b79a232d5f5d0afbc2a8215e6d181fb5717dfc4a935d00f4e721258c65ed

Scanner detections:
4 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the webpage).

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
11/8/2024 5:10:22 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14216 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.9420 |
| Reason Heuristics | PUP.PlusHD.N | 14.2.13.15 |
| VIPRE Antivirus | Crossrider | 26434 |

File size:
608 KB (622,592 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Plus-HD-8.1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\plus-hd-8.1\plus-hd-8.1-bg.exe

File PE Metadata
Compilation timestamp:
12/8/2013 7:57:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:fKjaciloQbgcIuwqKNWKNe8Jxwcf9KHCTYSW5h:fKjaciloMXIorc1KiTYhh

Entry address:
0x56C99

Entry point:
E8, 3C, B3, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, 27, 49, 00, E8, 71, 01, 00, 00, E8, 80, 0D, 00, 00, 0F, B7, F0, 6A, 02, E8, CF, B2, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 18, 0C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Entropy:
6.4477

Code size:
477 KB (488,448 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to ec2-54-243-129-153.compute-1.amazonaws.com  (54.243.129.153:80)
