ti.exe

HDVideo_1.3V05.03

The application ti.exe, “HDVideo_1.3V05.03 exe” has been detected as a potentially unwanted program by 32 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address ip-184-168-221-47.ip.secureserver.net on port 80 using the HTTP protocol.
Publisher:
HDVideo_1.3V05.03

Product:
HDVideo_1.3V05.03

Description:
HDVideo_1.3V05.03 exe

Version:
1000.1000.1000.1000

MD5:
c5c0d4e10512cf61a2bb265c557b5451

SHA-1:
6c573af51766e2e1c9cc94c247ed01db40013078

SHA-256:
59db05174b59958e8004ac13c0218ce21dff836a99fe415401222d0b8c7be3ab

Scanner detections:
32 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/23/2024 8:13:37 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.tv0@mO@n6ikO
643

Agnitum Outpost
PUA.Toolbar.CrossRider
7.1.1

AhnLab V3 Security
PUP/Win32.CrossRider
2015.05.01

Avira AntiVirus
ADWARE/CrossRider.Gen7
7.11.214.140

avast!
Win32:Malware-gen
2014.9-150502

AVG
Toolbar
2016.0.3121

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.1552

Bitdefender
Gen:Application.Heur.tv0@mO@n6ikO
1.0.20.610

Comodo Security
ApplicUnwnt
21959

Dr.Web
Trojan.Crossrider1.21739
9.0.1.0122

Emsisoft Anti-Malware
Gen:Application.Heur.tv0@mO@n6ikO
8.15.05.02.12

ESET NOD32
Win32/Toolbar.CrossRider.CD potentially unwanted (variant)
9.11561

Fortinet FortiGate
Riskware/CrossRider
5/2/2015

F-Prot
W32/AdLoad.AK2.gen
v6.4.7.1.166

F-Secure
Riskware.Gen:Application.Heur.tv0@mO@n6ikO
11.2015-02-05_7

G Data
Gen:Application.Heur.tv0@mO@n6ikO
15.5.25

K7 AntiVirus
Trojan
13.203.15772

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
14.0.0.2102

Malwarebytes
PUP.Optional.MediaPlayer.A
v2015.05.02.12

McAfee
Artemis!C5C0D4E10512
5600.6777

MicroWorld eScan
Gen:Application.Heur.tv0@mO@n6ikO
16.0.0.366

NANO AntiVirus
Trojan.Win32.Crossrider1.dotlxc
0.30.24.1357

Norman
Gen:Application.Heur.tv0@kO@n6ikO
11.20150502

Panda Antivirus
Trj/Genetic.gen
15.05.02.12

Qihoo 360 Security
Win32/Virus.Adware.a87
1.0.0.1015

Sophos
Generic PUA FI
4.98

SUPERAntiSpyware
Adware.CrossRider/Variant
9900

Trend Micro House Call
TROJ_GEN.R0C2C0ODS15
7.2.122

Trend Micro
TROJ_GEN.R0C2C0ODS15
10.465.02

VIPRE Antivirus
Trojan.Win32.Generic
39846

Zillya! Antivirus
Adware.CrossRider.Win32.3826
2.0.0.2163

File size:
1.3 MB (1,371,136 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HDVideo_1.3V05.03.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\ti.exe

File PE Metadata
Compilation timestamp:
3/5/2015 12:04:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:QrSDmJONENV6RUBHg1zr4BYnLYh0dtxyZTTNwi+g3jsc9a8J/O25pSQTsTBY:QrSDmOQ2Mg1BLu0tCTuOxJJ/O25pSQwK

Entry address:
0xD180B

Entry point:
E8, CF, E4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 02, E6, 00, 00, 3B, 30, 7C, 07, E8, F9, E5, 00, 00, 8B, 30, E8, EC, E5, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 99, 43, 00, 00, 8B, F0, 85, F6, 75, 07, B8, B0, 32, 53, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 72, 2D, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, B0, 32, 53, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, A4, D2...
 
[+]

Entropy:
6.6839

Code size:
985.5 KB (1,009,152 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ip-184-168-221-47.ip.secureserver.net  (184.168.221.47:80)

Remove ti.exe - Powered by Reason Core Security