home

495dbab4-ce64-40d1-8364-ac5f719cdf3f.exe

HD-V1.9

Evangelion Group

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. The application 495dbab4-ce64-40d1-8364-ac5f719cdf3f.exe by Evangelion Group has been detected as adware by 11 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
InfoHD-V1.8  (signed by Evangelion Group)

Product:
HD-V1.9

Description:
HD-V1.9 exe

Version:
1000.1000.1000.1000

MD5:
ec9bb5f4b7c062bc325ba3f9dc331c71

SHA-1:
b6e27b0874a5a9656da2e01011d0cd4db61c41b2

SHA-256:
e0bb1c2a1e121eb16a4009f1bb23b1411e39d9a4ac05f872eaad2cc27769bbfc

Scanner detections:
11 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/27/2024 1:07:16 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/CrossRider.Gen2
7.11.164.214

AVG
Generic
2015.0.3355

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.14910

Dr.Web
Trojan.Crossrider.17413
9.0.1.0253

ESET NOD32
Win32/Toolbar.CrossRider.AG potentially unwanted application
8.7.0.302.0

herdProtect (fuzzy)
variant of ffe8e0ca-177e-4699-9c8b-686f26da570c.exe (Adware)
2014.9.10.18

IKARUS anti.virus
not-a-virus:WebToolbar.CrossRider
t3scan.1.6.1.0

Malwarebytes
PUP.Optional.InfoHD.A
v2014.07.31.03

Panda Antivirus
Trj/Genetic.gen
14.07.31.03

Reason Heuristics
PUP.Task.EvangelionGroup.e
14.8.5.22

VIPRE Antivirus
Threat.4789396
31208

File size:
357.4 KB (365,936 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HD-V1.9.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hd-v1.9\495dbab4-ce64-40d1-8364-ac5f719cdf3f.exe

Digital Signature
Signed by:
Evangelion Group

Authority:
COMODO CA Limited

Valid from:
7/28/2014 1:00:00 AM

Valid to:
7/29/2015 12:59:59 AM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata
Compilation timestamp:
7/31/2014 12:39:40 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:faADXlwIqBfaL/76TkkImoTxlpTBvtdqGj0:faAYSL/76gZmSxlpTxT0

Entry address:
0x270B2

Entry point:
E8, 4C, AD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75...
 
[+]

Code size:
262 KB (268,288 bytes)

Scheduled Task
Task name:
495dbab4-ce64-40d1-8364-ac5f719cdf3f

Trigger:
Logon (Runs on logon)

Action:
495dbab4-ce64-40d1-8364-ac5f719cdf3f.exe \xedze='hd-v1.9' \blviok=61788 \bymxfiv='001859' \


Remove 495dbab4-ce64-40d1-8364-ac5f719cdf3f.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.