3611.exe

City Center Games (Extreme White Limited)

The application 3611.exe by City Center Games (Extreme White Limited) has been detected as adware by 12 anti-malware scanners. It is a setup program used to install the application, and it is built on the Crossrider cross-browser extension platform. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory and has been seen being downloaded from download.ewebdomrec.com.
Publisher:

Version:
105.0.0.0

MD5:
53ed79c893a9559b58b0268648921d52

SHA-1:
5a32017cd6ba690260bc22d4ef88ef00c5bcb91a

SHA-256:
2fe14d39d38df62d46a3b68cb9fbcabbda0bac02bc0666f5483da31327a268a7

Scanner detections:
12 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
5/21/2024 9:52:28 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15627 |
| Dr.Web | Trojan.Crossrider1.29263 | 9.0.1.0178 |
| ESET NOD32 | Win32/Toolbar.CrossRider.CN potentially unwanted (variant) | 9.11605 |
| K7 AntiVirus | Unwanted-Program | 13.203.15861 |
| Malwarebytes | PUP.Optional.CrossBrowse | v2015.06.27.02 |
| McAfee | Artemis!53ED79C893A9 | 5600.6722 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.installCore.CityCenterGamesExtremeWhiteLimited (M) | 15.6.27.2 |
| Sophos | AppRider | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0508 | 7.2.178 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Crossrider | 40122 |

File size:
1.8 MB (1,893,976 bytes)

Product version:
105.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\3611.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/14/2015 9:00:00 PM

Valid to:
4/14/2016 8:59:59 PM

Subject:
CN=City Center Games (Extreme White Limited), O=City Center Games (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00808728FFBF020E8929813B59AA2EC529

File PE Metadata
Compilation timestamp:
4/30/2015 11:32:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:JQ+7a9bjH7hdgXSfi2BXXrT7pSy9fY+mRl2YxJ5iaN46d:O0a9NWSfBB4l

Entry address:
0x122990

Entry point:
E8, 2B, 11, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, C4, 9D, 5B, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, DE, 5A, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, C4, 9D, 5B, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00...
 

Code size:
1.3 MB (1,365,504 bytes)

The file 3611.exe has been seen being distributed by the following URL.
