41d48167-4302-449b-9323-98a906b8d92a.exe

videos+ MediaPlayer+

Hike Zone Plus

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application 41d48167-4302-449b-9323-98a906b8d92a.exe, “videos+ MediaPlayer+ exe” by Hike Zone Plus, has been detected as adware by 15 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program videos+ MediaPlayer+ by Gogo Network Club, which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
enter  (signed by Hike Zone Plus)

Product:
videos+ MediaPlayer+

Description:
videos+ MediaPlayer+ exe

Version:
1000.1000.1000.1000

MD5:
276688ced3a03cf51fdd0d1df8ebd42c

SHA-1:
28a01274139250b8c974fa33b5ad79d7eb225a1b

SHA-256:
7febdc8a2b4b415e1c559cd4a0ee5611ada9ccaac3179de70108201a3f807b84

Scanner detections:
15 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/27/2024 8:11:27 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2015.0.3332 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.14104 |
| Dr.Web | Trojan.Crossrider.33309 | 9.0.1.0277 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AG (variant) | 8.10451 |
| Fortinet FortiGate | Riskware/CrossRider | 10/4/2014 |
| F-Prot | W32/S-9ad4719b | v6.4.7.1.166 |
| IKARUS anti.virus | not-a-virus:AdWare.Adwapper | t3scan.1.7.8.0 |
| Malwarebytes | PUP.Optional.VideosMediaPlayer.A | v2014.10.04.05 |
| McAfee | Artemis!276688CED3A0 | 5600.6988 |
| NANO AntiVirus | Riskware.Win32.Crossrider.dfhgra | 0.28.2.62286 |
| Panda Antivirus | Trj/Genetic.gen | 14.10.04.05 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Crossrider.Task.e | 14.10.4.5 |
| VIPRE Antivirus | Crossrider | 33360 |
| Zillya! Antivirus | Adware.Adwapper.Win32.325 | 2.0.0.1929 |

File size:
361.9 KB (370,584 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
videos+ MediaPlayer+.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\videos+ mediaplayer+\41d48167-4302-449b-9323-98a906b8d92a.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/19/2014 2:00:00 AM

Valid to:
8/20/2015 1:59:59 AM

Subject:
CN=Hike Zone Plus, O=Hike Zone Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7DF4D8EF200BAB292519E3CF5597AD86

File PE Metadata
Compilation timestamp:
9/16/2014 12:02:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:lNIQtpG/5CFajIOgI567GCRkCGJpTB6o+Et:l7tpGqOg2hdnJpTMk

Entry address:
0x27242

Entry point:
E8, 46, AD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75...

Code size:
265.5 KB (271,872 bytes)

Scheduled Task
Task name:
41d48167-4302-449b-9323-98a906b8d92a

Trigger:
Logon (Runs on logon)


The file 41d48167-4302-449b-9323-98a906b8d92a.exe has been discovered within the following program.

videos+ MediaPlayer+  by Gogo Network Club
This is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages, or displaying over parts of existing web pages, advertisements, banners, coupons or text links that would not otherwise appear.
crossrider.com
88% remove it