01a193aa-0c4a-42fa-adfa-fe014188f8de-2.exe

HD-V1.9

Motoko Group

This adware uses the Crossrider extension platform to inject advertisements into the web browser and may modify core browser settings. Ads are delivered as banners and contextual text-links and may promote other potentially unwanted software. The application 01a193aa-0c4a-42fa-adfa-fe014188f8de-2.exe by Motoko Group has been detected as adware by 12 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
InfoHD-V1.8 (signed by Motoko Group)

Product:
HD-V1.9

Description:
HD-V1.9 exe

Version:
1000.1000.1000.1000

MD5:
0c093782604f8d09e4fe795b2496b5fa

SHA-1:
ebee2e8cac937b6198e824944d1fd1d1c7b34e60

SHA-256:
076795bc3b15f7f658699e321cc86bdfc2b98d02645d25dc7cd63ffb0f6b074c

Scanner detections:
12 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/24/2024 1:42:02 PM UTC

Scan engine          | Detection                                                     | Engine version
---------------------+---------------------------------------------------------------+----------------
Avira AntiVirus      | ADWARE/CrossRider.Gen2                                        | 7.11.164.56
AVG                  | Generic                                                       | 2015.0.3400
ESET NOD32           | Win32/Toolbar.CrossRider.AJ potentially unwanted application  | 7.0.302.0
F-Prot               | W32/A-eb9ef301                                                | v6.4.7.1.166
IKARUS anti.virus    | not-a-virus:WebToolbar.CrossRider                             | t3scan.1.6.1.0
Kaspersky            | Trojan.NSIS.GoogUpdate                                        | 15.0.0.494
Malwarebytes         | PUP.Optional.InfoHD.A                                         | v2014.07.28.01
Panda Antivirus      | Trj/Genetic.gen                                               | 14.07.28.01
Reason Heuristics    | PUP.MotokoGroup.g                                             | 14.7.28.1
Rising Antivirus     | PE:Malware.Obscure!1.9C59                                     | 23.00.65.14726
Sophos               | AppRider                                                      | 4.98
VIPRE Antivirus      | Threat.4789396                                                | 31208

File size:
379.9 KB (388,968 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HD-V1.9.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hd-v1.9\01a193aa-0c4a-42fa-adfa-fe014188f8de-2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
7/26/2014 11:04:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:r0SlJjfy+FKR1x6t5LexCsojBcbF1vPursejx6pTBv5rYG:r0SlNKR1xqBcx1vP6V6pTJ5N

Entry address:
0x2EC61

Entry point:
E8, 7E, 8F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, A1, 45, 00, E8, 09, 25, 00, 00, E8, 89, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, B7, 62, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
288 KB (294,912 bytes)

Scheduled Task
Task name:
01a193aa-0c4a-42fa-adfa-fe014188f8de-2

Trigger:
Logon (Runs on logon)

Action:
01a193aa-0c4a-42fa-adfa-fe014188f8de-2.exe \keyzvc \pywtkvx='hd-v1.9' \lteeu=61788 \owbgtkhl=
