1clickmovie-download v9.0-buttonutil64.exe

1ClickMovie-Download V9.0

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application 1clickmovie-download v9.0-buttonutil64.exe, “1ClickMovie-Download V9.0 exe” by CoolMirage, has been detected as adware by 22 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Remove 1clickmovie-download v9.0-buttonutil64.exe - Powered by Reason Core Security
Publisher:
installdaddy  (signed by CoolMirage Ltd.)

Product:
1ClickMovie-Download V9.0

Description:
1ClickMovie-Download V9.0 exe

Version:
1000.1000.1000.1000

MD5:
e7ece3a7395ba5cfdf32a045c03dfeb5

SHA-1:
4cae8a398178c8dad151c0b5887df2b249c19d5d

SHA-256:
1771c283f6164ee6773bcc9cbd61a9baa9e059b9c3e21b5629724990ae2004a6

Scanner detections:
22 / 68

Status:
Adware

Explanation:
InstallDaddy bundles adware such as toolbars and unwanted browser extensions.

Analysis date:
12/8/2016 5:12:37 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.954708
928

Antiy Labs AVL
GrayWare[AdWare:not-a-virus]/Win32.AdLoad
1.0.0.1

avast!
Win64:Adware-gen [Adw]
2014.9-140721

Baidu Antivirus
Adware.Win64.Crossrider
4.0.3.14610

Bitdefender
Adware.Generic.954708
1.0.20.1010

Emsisoft Anti-Malware
Adware.Generic.954708
8.14.07.21.05

ESET NOD32
Win64/Toolbar.Crossrider.E potentially unwanted application
7.0.302.0

F-Secure
Adware.Generic.954708
11.2014-21-07_2

G Data
Adware.Generic.954708
14.7.24

Jiangmin
Adware/Adload.avn
KV140721

K7 AntiVirus
Trojan
13.180.12498

K7 Gateway Antivirus
Trojan
13.180.12498

Kaspersky
not-a-virus:AdWare.Win32.AdLoad
14.0.0.3526

Malwarebytes
PUP.Optional.1ClickMovieDownload.A
v2014.06.10.01

McAfee
RDN/Generic PUP.x!ch3
5600.7062

McAfee Web Gateway
RDN/Generic PUP.x!ch3
7.7062

MicroWorld eScan
Adware.Generic.954708
15.0.0.606

Panda Antivirus
PUP/MultiToolbar.A
14.06.10.01

Reason Heuristics
PUP.Crossrider.CoolMirage.f
14.8.7.17

Trend Micro House Call
TROJ_GEN.R047H07FL14
7.2.202

Trend Micro
TROJ_GEN.R0C1C0OFH14
10.465.21

VIPRE Antivirus
Threat.4789396
30086

File size:
360.4 KB (369,024 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
1ClickMovie-Download V9.0.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\1clickmovie-download v9.0\1clickmovie-download v9.0-buttonutil64.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 3:00:00 AM

Valid to:
6/7/2014 2:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
6/10/2014 1:03:45 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:M6VQDr/fHrCKAmOoLLa1PoXQuTFUbI6he/:M6GC9k8AXIIp

Entry address:
0x22508

Entry point:
48, 83, EC, 28, E8, E7, A6, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, 90, 20, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, 73, A6, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, B7, DA, FD, FF, 66, 39, 05, B0, DA, FD, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, DF, DA, FD, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89...
 

Entropy:
6.0409

Code size:
227.5 KB (232,960 bytes)
