327e1f2c-7024-496a-a9a2-c2889d93356b.exe

Torpedo

Evangelion Group

This potentially unwanted browser extension is built on and distributed through the free Crossrider platform and delivers advertisements to the web browser in various formats, such as banners, text hyperlinks, inline text and transitional ads. The application 327e1f2c-7024-496a-a9a2-c2889d93356b.exe by Evangelion Group has been detected as adware by 12 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. The file is typically installed with the program V-9.1HD by Evangelion Group, which is a potentially unwanted software program. Although the file uses the Crossrider cross-browser extension toolkit and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
Evangelion Group  (signed and verified)

Product:
Torpedo

Version:
1.0.0.0

MD5:
77f8b76a370cfa68fa55b9b1f274c759

SHA-1:
b89339b6a14273cfd743685def7661192c72f68a

SHA-256:
c70413d04e2557491d2ac261bd9339670fb217b93e1913113c7f557e7a399721

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
5/10/2024 10:05:50 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.170.44
avast! | Win32:Crossrider-M [PUP] | 2014.9-140917
AVG | Generic | 2015.0.3348
IKARUS anti.virus | Trojan.GoogUpdate | t3scan.1.7.5.0
Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3237
McAfee | Artemis!07AED6A0DC57 | 5600.6940
nProtect | Trojan/W32.Agent.32112.B | 14.09.17.01
Panda Antivirus | Trj/Chgt.E | 14.11.21.02
Qihoo 360 Security | Win32/Trojan.921 | 1.0.0.1015
Reason Heuristics | PUP.EvangelionGroup.e | 14.9.17.12
Vba32 AntiVirus | TScope.Trojan.MSIL | 3.12.26.3

File size:
31.4 KB (32,112 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
TorpedoCh.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\v-9.1hd\327e1f2c-7024-496a-a9a2-c2889d93356b.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/28/2014 1:00:00 AM

Valid to:
7/29/2015 12:59:59 AM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata
Compilation timestamp:
8/18/2014 1:08:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:RdL5HFxTS9acVNVdlG959NepeFnXi4B7ab7Cz:lHX+fdlRcFn37+7I

Entry address:
0x81EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.4622

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
24.5 KB (25,088 bytes)

Scheduled Task
Task name:
327e1f2c-7024-496a-a9a2-c2889d93356b

Trigger:
Logon (Runs on logon)

Action:
327e1f2c-7024-496a-a9a2-c2889d93356b.exe 001423 97713ed732fc40a593d494f25f68610cie 61776 14


The file 327e1f2c-7024-496a-a9a2-c2889d93356b.exe has been discovered within the following program.

V-9.1HD  by Evangelion Group
Plus-HD-9.1c (Freeven) is an adware program that runs within the user's web browser and will modify various browser settings such as changing the search provider.
crossrider.com/install/61776-plus-hd-9-1c
86% remove it