2aff2a8b7fc97a50ec3e34c719dbb6f3ee6b34aaed920379bb213e836a4cdb05

Dmdpmztnkm

Kimahri Software inc.

This adware uses the Crossrider platform to build and distribute a web-browser advertising-injection extension. Once installed in the browser it hijacks various browser settings (homepage, search) and may interfere with and track browsing behavior as well as deliver ads. The file 2aff2a8b7fc97a50ec3e34c719dbb6f3ee6b34aaed920379bb213e836a4cdb05 by Kimahri Software inc. has been detected as adware by 8 anti-malware scanners. The program is a setup application built with the Nullsoft Install System installer. The file has been seen being downloaded from digger.xmlrequest.info. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
Xrkbydtiump (signed by Kimahri Software inc.)

Product:
Dmdpmztnkm

Description:
Ahcjxkdgqov

Version:
1.1.1.1

MD5:
7cb669b5d70f2e893ecd66d5753ab790

SHA-1:
46a9a8c09c13751cd7a4f953cdb0372c275073d1

SHA-256:
2aff2a8b7fc97a50ec3e34c719dbb6f3ee6b34aaed920379bb213e836a4cdb05

Scanner detections:
8 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the web page).

Analysis date:
4/19/2024 9:48:15 PM UTC

Scan engine         Detection                                 Engine version
Agnitum Outpost     Riskware.VMDetector                       7.1.1
Comodo Security     Heur.Suspicious                           17922
Dr.Web              Adware.Plugin.73                          9.0.1.0155
ESET NOD32          Win32/Packed.ScrambleWrapper              9.9538
Malwarebytes        PUP.Optional.CrossRider                   v2015.06.04.08
Panda Antivirus     PUP/PlusHD                                15.06.04.08
Reason Heuristics   PUP.Brightcicrle.Installer.Brightcircle   15.6.4.8
Sophos              AppRider                                  4.98

File size:
4.6 MB (4,859,512 bytes)

Copyright:
Jqzjdtkhmfto

Installer:
Nullsoft Install System

Language:
English (United States)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/7/2013 1:00:00 AM

Valid to:
3/7/2016 12:59:59 AM

Subject:
CN=Kimahri Software inc., O=Kimahri Software inc., STREET=666 Sherbrooke Rue w, L=Montreal, S=Quebec, PostalCode=H3A 1E7, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A1BB8569950C0B2080A11A0E2F618B33

File PE Metadata
Compilation timestamp:
1/5/2010 1:09:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
98304:U46wiIqF6SEmkQLENSbi36deuYiEePM4Vp8RLjfzH:btqFVkQwNSbi36dFR0vj

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...

Entropy:
7.9982 (probably packed)

Code size:
33 KB (33,792 bytes)

The file 2aff2a8b7fc97a50ec3e34c719dbb6f3ee6b34aaed920379bb213e836a4cdb05 has been seen being distributed by the following URL.