1clickmovie-download v9.0-nova.exe

1ClickMovie-Download V9.0

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application 1clickmovie-download v9.0-nova.exe, “1ClickMovie-Download V9.0 exe” by CoolMirage, has been detected as adware by 6 anti-malware scanners. The setup installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.
Remove 1clickmovie-download v9.0-nova.exe - Powered by Reason Core Security
Publisher:
installdaddy  (signed by CoolMirage Ltd.)

Product:
1ClickMovie-Download V9.0

Description:
1ClickMovie-Download V9.0 exe

Version:
1000.1000.1000.1000

MD5:
bd41057db88ed10a082dd740499a3306

SHA-1:
aee7ec24114ebafeb37eaa4072128ea2f56267df

SHA-256:
3ac3239aecd23cedf832569cfc0f0bc4966af313d27a3d7b93144edc76758857

Scanner detections:
6 / 68

Status:
Adware

Explanation:
InstallDaddy bundles adware such as toolbars and unwanted browser extensions.

Analysis date:
12/10/2016 5:43:23 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.14610

ESET NOD32
Win32/Toolbar.CrossRider.AE potentially unwanted application
7.0.302.0

Malwarebytes
PUP.Optional.1ClickMovieDownload.A
v2014.06.10.12

Panda Antivirus
PUP/MultiToolbar.A
14.06.10.12

Reason Heuristics
PUP.CoolMirage.DD
14.8.7.17

VIPRE Antivirus
Threat.4789396
30086

File size:
578.9 KB (592,768 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
1ClickMovie-Download V9.0.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\1clickmovie-download v9.0\1clickmovie-download v9.0-nova.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 3:00:00 AM

Valid to:
6/7/2014 2:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
6/10/2014 1:06:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:7cJeiGc6FhOqhv4BOQHOfcH3hvdHnxRxpTBDkA6r3UPm13:7cn4eBxrHzTW/rEe13

Entry address:
0x42D49

Entry point:
E8, B1, AA, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 50, 7F, 47, 00, E8, 91, 09, 00, 00, E8, AD, 99, 00, 00, 0F, B7, F0, 6A, 02, E8, 44, AA, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 29, 1B, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.3072

Code size:
406 KB (415,744 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to ec2-54-225-131-67.compute-1.amazonaws.com  (54.225.131.67:80)
