home

18e2b09b-346a-45bc-b70c-7fd8b6e69215-11.exe

HD-V1.2

Kimahri Software inc.

This adware uses the Crossrider platform to build and distribute this web browser advertising injection extension. Once installed in the browser it will hijack various browser settings (homepage, search) and may interfere and track behaviors as well as deliver ads. The application 18e2b09b-346a-45bc-b70c-7fd8b6e69215-11.exe by Kimahri Software inc has been detected as adware by 18 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
HDproduct  (signed by Kimahri Software inc.)

Product:
HD-V1.2

Description:
HD-V1.2 exe

Version:
1000.1000.1000.1000

MD5:
5d9b7b8b5d033904ee17f2a295f98666

SHA-1:
330d48bb1bda9d71b0ab47cb52eeea5f2cb4b991

SHA-256:
d20d7d67c4c75f2010b7b2f086c27a2ea16b1404fe78879bbe57997700748ac4

Scanner detections:
18 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/26/2024 12:14:44 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.374062
919

Avira AntiVirus
Adware/CrossRider.A.11057
7.11.155.192

avast!
Win32:Adware-gen [Adw]
2014.9-140731

AVG
Generic
2015.0.3356

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.14731

Bitdefender
Gen:Variant.Adware.Kazy.374062
1.0.20.1060

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.374062
8.14.07.31.04

ESET NOD32
Win32/Toolbar.CrossRider.AD potentially unwanted application
8.7.0.302.0

F-Secure
Gen:Variant.Adware.Kazy.374062
11.2014-31-07_5

G Data
Gen:Variant.Adware.Kazy.374062
14.7.24

herdProtect (fuzzy)
variant of 92763219-cd5e-449c-9ee4-e16989e2a0e3-11.exe (Adware)
2014.9.10.13

McAfee
Artemis!5D9B7B8B5D03
5600.7053

MicroWorld eScan
Gen:Variant.Adware.Kazy.374062
15.0.0.636

NANO AntiVirus
Riskware.Win32.AdLoad.dbifsh
0.28.0.60253

Panda Antivirus
PUP/PlusHD
14.07.31.04

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
PUP.KimahriSoftwareinc.h
14.7.31.3

VIPRE Antivirus
Threat.4789396
29708

File size:
1.8 MB (1,915,752 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HD-V1.2.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hd-v1.2\18e2b09b-346a-45bc-b70c-7fd8b6e69215-11.exe

Digital Signature
Signed by:
Kimahri Software inc.

Authority:
COMODO CA Limited

Valid from:
3/6/2013 9:00:00 PM

Valid to:
3/6/2016 8:59:59 PM

Subject:
CN=Kimahri Software inc., O=Kimahri Software inc., STREET=666 Sherbrooke Rue w, L=Montreal, S=Quebec, PostalCode=H3A 1E7, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A1BB8569950C0B2080A11A0E2F618B33

File PE Metadata
Compilation timestamp:
6/18/2014 7:04:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:tMrzBjSgNQ5PyjlCozFNXQ5mNpSw/T8Uzn+nPRxB:tMrdOeQ5PypVzFNMH

Entry address:
0xE5364

Entry point:
E8, 3A, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 6D, 01, 01, 00, 3B, 30, 7C, 07, E8, 64, 01, 01, 00, 8B, 30, E8, 57, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 60, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 80, 56, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7A, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 80, 56, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, D1, ED...
 
[+]

Code size:
1 MB (1,093,632 bytes)

Scheduled Task
Task name:
18e2b09b-346a-45bc-b70c-7fd8b6e69215-11

Trigger:
Logon (Runs on logon)

Action:
18e2b09b-346a-45bc-b70c-7fd8b6e69215-11.exe \vvxbgfsd=irwgu87uaelzgtpgfarzrron+vvadsb37xiho4x2


Remove 18e2b09b-346a-45bc-b70c-7fd8b6e69215-11.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.