1clickmovie-download v9.0-bg.exe

1ClickMovie-Download V9.0

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application 1clickmovie-download v9.0-bg.exe, “1ClickMovie-Download V9.0 exe” by CoolMirage, has been detected as adware by 22 anti-malware scanners. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the extensions installed in the user's browser, including installation, updates and remote code downloads.
Remove 1clickmovie-download v9.0-bg.exe - Powered by Reason Core Security
Publisher:
installdaddy  (signed by CoolMirage Ltd.)

Product:
1ClickMovie-Download V9.0

Description:
1ClickMovie-Download V9.0 exe

Version:
1000.1000.1000.1000

MD5:
0710e91ff419213bee4b377fdb08b92f

SHA-1:
26b15a535d2c1cea3ad77fde826facb357c7f968

SHA-256:
3eec366969aaebaab9f461b8ecfa0e78e18ac3c8a328b818613e6fd78988b603

Scanner detections:
22 / 68

Status:
Adware

Explanation:
InstallDaddy bundles adware such as toolbars and unwanted browser extensions.

Note:
Crossrider is the owner of a platform that enables developers to create cross-browser extensions, but it is not the owner of this detected application. The owner/publisher of this file is CoolMirage Ltd.

Analysis date:
12/4/2016 11:24:02 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.MulDrop | 2014.06.11 |
| Avira AntiVirus | Adware/CrossRider.A.3073 | 7.11.149.24 |
| AVG | MalSign.Skodna | 2015.0.3446 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14610 |
| Bitdefender | Gen:Variant.Adware.Kazy.374109 | 1.0.20.815 |
| Dr.Web | Adware.Toolbar.234 | 9.0.1.0163 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.374109 | 8.14.06.12.01 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AA potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 6/12/2014 |
| F-Secure | Gen:Variant.Adware.Kazy.374109 | 11.2014-12-06_5 |
| G Data | Gen:Variant.Adware.Kazy.374109 | 14.6.24 |
| Malwarebytes | PUP.Optional.1ClickMovieDownload.A | v2014.06.10.01 |
| McAfee | Artemis!C25516619C86 | 5600.7102 |
| McAfee Web Gateway | Artemis!C25516619C86 | 7.7102 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.374109 | 15.0.0.489 |
| NANO AntiVirus | Riskware.Win32.Toolbar.cvoqco | 0.28.0.58491 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.06.10.01 |
| Qihoo 360 Security | Win32/Trojan.Adware.37e | 1.0.0.1015 |
| Reason Heuristics | PUP.Crossrider.CoolMirage.BB | 14.8.7.17 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0313 | 7.2.163 |
| VIPRE Antivirus | Threat.4789396 | 30086 |

File size:
627.4 KB (642,432 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
1ClickMovie-Download V9.0.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\1clickmovie-download v9.0\1clickmovie-download v9.0-bg.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 3:00:00 AM

Valid to:
6/7/2014 2:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
6/10/2014 1:07:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:5ygyUjXLKZFYrbba0nH0J3HcqgfKa2+HHbTXSUA14v9dg5+JJSTBf3qp1/r6:GWgFqba0nvA+HXSI6+JJSTh3qp1+

Entry address:
0x57C7D

Entry point:
E8, BA, CC, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, 58, 49, 00, E8, 4D, 41, 00, 00, E8, C1, 1C, 00, 00, 0F, B7, F0, 6A, 02, E8, 4D, CC, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 69, 4F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4576

Code size:
493 KB (504,832 bytes)
