596e9707-76af-4d80-b0f3-dffe669f3eb3.exe

Torpedo

Hike Zone Plus

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application 596e9707-76af-4d80-b0f3-dffe669f3eb3.exe by Hike Zone Plus has been detected as adware by 8 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program videos+ MediaPlayer+ by Gogo Network Club, which is a potentially unwanted software program. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Hike Zone Plus  (signed and verified)

Product:
Torpedo

Version:
1.0.0.0

MD5:
5b2ce8ad92bf29476168e5b2d9149f60

SHA-1:
13cbb32d73489cd0afa936f8d5ad282c9752c6ee

SHA-256:
c84140a7b5ac77e3a6b1fc466f7df9806171e40e556dba1e79a0681eed00ea2a

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
5/1/2024 10:48:05 PM UTC

Scan engine          Detection                   Engine version
Avira AntiVirus      Adware/CrossRider.pm        7.11.169.90
AVG                  Generic                     2015.0.3278
IKARUS anti.virus    Trojan.GoogUpdate           t3scan.1.7.8.0
Kaspersky            Trojan.NSIS.GoogUpdate      14.0.0.2885
nProtect             Trojan/W32.Agent.32112.B    14.09.17.01
Reason Heuristics    PUP.HikeZonePlus.e          14.9.19.0
Vba32 AntiVirus      AdWare.Adwapper             3.12.26.3

File size:
31.4 KB (32,152 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
TorpedoCh.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\videos+ mediaplayer+\596e9707-76af-4d80-b0f3-dffe669f3eb3.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/18/2014 5:00:00 PM

Valid to:
8/19/2015 4:59:59 PM

Subject:
CN=Hike Zone Plus, O=Hike Zone Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7DF4D8EF200BAB292519E3CF5597AD86

File PE Metadata
Compilation timestamp:
8/18/2014 5:08:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:wdL5HFxTS9acVNVdlG959NepeFnXi4Byb:WHX+fdlRcFn3yb

Entry address:
0x81EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.4642

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
24.5 KB (25,088 bytes)

Scheduled Task
Task name:
596e9707-76af-4d80-b0f3-dffe669f3eb3

Trigger:
Logon (Runs on logon)


The file 596e9707-76af-4d80-b0f3-dffe669f3eb3.exe has been discovered within the following program.

videos+ MediaPlayer+  by Gogo Network Club
This is a potentially unwanted adware program that injects ads into the user's browser. This includes inserting into web pages, or displaying over parts of existing web pages, advertisements, banners, coupons or text links that would not otherwise appear.
crossrider.com
88% remove it
 