» 2705.exe
Overview
Analysis
File Details
Network (7)

2705.exe

CinemaPlus-3.2cV06.07

Digit Network (Extreme White Limited)

The application 2705.exe, “CinemaPlus-3.2cV06.07 exe” by Digit Network (Extreme White Limited) has been detected as adware by 22 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory.

File name:

2705.exe

Publisher:

Cinema PlusV06.07 (signed by Digit Network (Extreme White Limited))

Product:

CinemaPlus-3.2cV06.07

Description:

CinemaPlus-3.2cV06.07 exe

Version:

1000.1000.1000.1000

MD5:

c8a6f6523e5aea9274f3ecf472b117d2

SHA-1:

eb370493c3f1b3fcaef54312683ee7351b00029d

SHA-256:

c4012b06b87c3c9ce0e2f4cfb0ff736d5abe700e0a4bba40afadc90db01abb4a

Scanner detections:

22 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/25/2024 9:42:53 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.188636

578

AhnLab V3 Security

PUP/Win32.CrossRider

2015.07.07

Avira AntiVirus

ADWARE/CrossRider.Gen7

8.3.1.6

Arcabit

Trojan.Adware.Graftor.D2E0DC

1.0.0.425

avast!

Win32:Adware-CMH [PUP]

2014.9-150707

AVG

Crossrider_r

2016.0.3056

Baidu Antivirus

Adware.Win32.CrossAd

4.0.3.1577

Bitdefender

Gen:Variant.Adware.Graftor.188636

1.0.20.940

Bkav FE

W32.HfsAdware

1.3.0.6979

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.188636

8.15.07.07.04

ESET NOD32

Win32/Toolbar.CrossRider.CO potentially unwanted (variant)

9.11897

F-Secure

Gen:Variant.Adware.Graftor

11.2015-07-07_3

G Data

Gen:Variant.Adware.Graftor.188636

15.7.25

K7 AntiVirus

Unwanted-Program

13.205.16471

Kaspersky

not-a-virus:WebToolbar.Win32.CrossRider

14.0.0.1774

Malwarebytes

PUP.Optional.CrossRider.A

v2015.07.07.04

MicroWorld eScan

Gen:Variant.Adware.Graftor.188636

16.0.0.564

Panda Antivirus

Trj/Genetic.gen

15.07.07.04

Qihoo 360 Security

Win32/Virus.Adware.a87

1.0.0.1015

Reason Heuristics

PUP.ExtremeWhite.DigitNetworkExtremeWhiteLimited (M)

15.7.7.4

SUPERAntiSpyware

PUP.CrossRider/Variant

9769

VIPRE Antivirus

Trojan.Win32.Generic.pak!cobra

41768

File size:

1.5 MB (1,574,992 bytes)

Product version:

1000.1000.1000.1000

Original file name:

CinemaPlus-3.2cV06.07.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\2705.exe

Digital Signature

Signed by:

Digit Network (Extreme White Limited)

Authority:

COMODO CA Limited

Valid from:

4/14/2015 9:00:00 PM

Valid to:

4/14/2016 8:59:59 PM

Subject:

CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00F39F5E5096779B72822CF8381166A432

File PE Metadata

Compilation timestamp:

7/6/2015 8:06:15 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:24SOxNFDAk/qosWju9Vx6QK0tHML4yD7oRVdij1fITspShFOJQ1lQ61Qi5ZOqFrH:2IjAVlHMEa7ETspShFd/Q6Ki5ZOirhp

Entry address:

0xD274D

Entry point:

E8, 4B, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, 19, 56, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, E1, 55, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, 19, 56, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8... 
[+]

Code size:

1 MB (1,066,496 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (52.216.18.130:80)

TCP (HTTP):

Connects to tlb.hwcdn.net (69.16.175.42:80)

TCP (HTTP):

Connects to hwcdn.net (69.16.175.10:80)

Remove 2705.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.