276bf88d-3e1e-4ddb-a331-f2aa9cd04396-2.exe

TheHDvid-Codec V10

Sailor Project

This potentially unwanted Internet browser extension is built on, and distributed using, the free Crossrider cross-browser extension platform, and delivers advertisements to the web browser in various formats such as banner, text hyperlink, inline text and transitional ads. The application 276bf88d-3e1e-4ddb-a331-f2aa9cd04396-2.exe, “TheHDvid-Codec V10 exe” by Sailor Project, has been detected as adware by 24 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
home  (signed by Sailor Project)

Product:
TheHDvid-Codec V10

Description:
TheHDvid-Codec V10 exe

Version:
1000.1000.1000.1000

MD5:
c3bb64de3e12c387b64e4e1f01d89dc3

SHA-1:
12c3f7c1049ed73e4d7f6e4fd2b7c219d7333d1c

SHA-256:
8193bd5f5b2d4db379476a971e2aea74ca0400be8e53681402a670c49b4b0598

Scanner detections:
24 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/26/2024 1:22:33 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Crossrider.AG | 918
Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.166.212
AVG | Generic | 2015.0.3396
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14731
Bitdefender | Adware.Crossrider.AG | 1.0.20.1060
Dr.Web | Trojan.Crossrider.17413 | 9.0.1.0212
Emsisoft Anti-Malware | Adware.Crossrider.AG | 8.14.07.31.06
ESET NOD32 | Win32/Toolbar.CrossRider.AJ potentially unwanted application | 8.7.0.302.0
F-Prot | W32/A-eb9ef301 | v6.4.7.1.166
F-Secure | Adware.Crossrider.AG | 11.2014-31-07_5
G Data | Adware.Crossrider.AG | 14.7.24
IKARUS anti.virus | PUA.CrossRider | t3scan.1.6.1.0
Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.3272
Malwarebytes | PUP.Optional.PlusVid.A | v2014.07.31.06
MicroWorld eScan | Adware.Crossrider.AG | 15.0.0.636
NANO AntiVirus | Trojan.Win32.Crossrider.ddisuj | 0.28.2.61519
nProtect | Adware.Crossrider.AG | 14.08.12.01
Panda Antivirus | Trj/Genetic.gen | 14.07.31.06
Reason Heuristics | PUP.SailorProject.g | 14.7.31.17
Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.14729
Sophos | AppRider | 4.98
Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3
VIPRE Antivirus | Threat.4789396 | 31208

File size:
377.9 KB (386,920 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
TheHDvid-Codec V10.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\thehdvid-codec v10\276bf88d-3e1e-4ddb-a331-f2aa9cd04396-2.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
7/24/2014 11:03:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:et25Wf2GraR+p5ZPK6G2NpG1HpTBUUHLCf0fr:et256aV2NpcHpTeUr

Entry address:
0x2F221

Entry point:
E8, 7E, 8F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, 9E, 45, 00, E8, 09, 25, 00, 00, E8, 89, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E5, 57, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4568

Code size:
286.5 KB (293,376 bytes)

Scheduled Task
Task name:
276bf88d-3e1e-4ddb-a331-f2aa9cd04396-2

Trigger:
Logon (Runs on logon)

Action:
276bf88d-3e1e-4ddb-a331-f2aa9cd04396-2.exe \wwzvuuacq \gqqslkhhf='thehdvid-codec v10' \gdqeo=

