» 42f4c78e-04d2-4d92-ba70-b9942623a088-11.exe
Overview
Analysis
File Details
Behaviors (1)

42f4c78e-04d2-4d92-ba70-b9942623a088-11.exe

HQPureV1.8

Stampede Technologies

The application 42f4c78e-04d2-4d92-ba70-b9942623a088-11.exe by Stampede Technologies has been detected as adware by 26 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

Publisher:

HQPure (signed by Stampede Technologies)

Product:

HQPureV1.8

Description:

HQPureV1.8 exe

Version:

1000.1000.1000.1000

MD5:

90ee19913cc68a0857be3c79f2705839

SHA-1:

6f00e718045eaf015a1e4a6ef70269f1057be387

SHA-256:

d5ecb5b4ab3d020fabc858fb58106fffacd287be0042cd317f262cfb6c3bb9ff

Scanner detections:

26 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/24/2024 12:19:34 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Plush.1

618

AhnLab V3 Security

PUP/Win32.CrossRider

2014.10.17

Avira AntiVirus

Adware/CrossRider.pl

7.11.179.8

avast!

Win32:Crossrider-AD [PUP]

2014.9-150527

AVG

Stampede

2016.0.3096

Baidu Antivirus

Adware.Win32.GoogUpdate

4.0.3.15527

Bitdefender

Gen:Variant.Adware.Plush.1

1.0.20.735

Clam AntiVirus

Win.Adware.Agent-8620

0.98/21411

Dr.Web

Trojan.Crossrider.28619

9.0.1.0147

Emsisoft Anti-Malware

Gen:Variant.Adware.Plush

8.15.05.27.12

ESET NOD32

Win32/Toolbar.CrossRider.AV (variant)

9.10575

Fortinet FortiGate

Riskware/CrossRider

5/27/2015

F-Prot

W32/A-fe3c301b

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Plush.1

11.2015-27-05_4

G Data

Gen:Variant.Adware.Plush

15.5.24

K7 AntiVirus

Unwanted-Program

13.184.13704

Kaspersky

Trojan.NSIS.GoogUpdate

14.0.0.1977

Malwarebytes

PUP.Optional.HQPure.A

v2015.05.27.12

McAfee

Artemis!90EE19913CC6

5600.6752

MicroWorld eScan

Gen:Variant.Adware.Plush.1

16.0.0.441

NANO AntiVirus

Riskware.Win32.Crossrider.ddvymb

0.28.2.62671

Qihoo 360 Security

HEUR/Malware.QVM10.Gen

1.0.0.1015

Reason Heuristics

Adware.Crossrider.StampedeTechnologies

15.5.27.8

Sophos

Generic PUA GP

4.98

VIPRE Antivirus

Crossrider

33986

Zillya! Antivirus

Trojan.GoogUpdate.Win32.546

2.0.0.1958

File size:

1.8 MB (1,918,328 bytes)

Product version:

1000.1000.1000.1000

Original file name:

HQPureV1.8.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\hqpurev1.8\42f4c78e-04d2-4d92-ba70-b9942623a088-11.exe

Digital Signature

Signed by:

Stampede Technologies

Authority:

COMODO CA Limited

Valid from:

7/28/2014 2:00:00 AM

Valid to:

7/29/2015 1:59:59 AM

Subject:

CN=Stampede Technologies, O=Stampede Technologies, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0CC7970117FD591A57609D71BEE0FCB8

File PE Metadata

Compilation timestamp:

8/16/2014 12:05:13 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:iL8PvljBCsZHQS0C4IXQIxPRFpSL1TKUzn+nPRxq:C8VjBTZHQHyXQBz

Entry address:

0xE6464

Entry point:

E8, 3C, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 6F, 01, 01, 00, 3B, 30, 7C, 07, E8, 66, 01, 01, 00, 8B, 30, E8, 59, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 60, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 90, 69, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7A, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 90, 69, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, D3, ED... 
[+]

Code size:

1 MB (1,094,656 bytes)

Scheduled Task

Task name:

42f4c78e-04d2-4d92-ba70-b9942623a088-11

Trigger:

Logon (Runs on logon)

Action:

42f4c78e-04d2-4d92-ba70-b9942623a088-11.exe \rawdata=w85r4qtanzqnjscgl\oyfykatii3t46qup66nw6eu

Remove 42f4c78e-04d2-4d92-ba70-b9942623a088-11.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.