5aba926d-25d2-4a2f-9c93-178df6a11891-6.exe

The application 5aba926d-25d2-4a2f-9c93-178df6a11891-6.exe has been detected as adware by 14 of the 68 anti-malware scanners used. It persists as a Windows Task Scheduler task that is triggered each time a user logs on. The file is typically installed by a number of programs, including videos MediaPlayer+ by Derzany Network and SavePass 1.1 by Morgan Enter Mode, both potentially unwanted software. It is built on the Crossrider cross-browser extension platform; while the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
(not populated)

Product:
(not populated)

Description:
(not populated)

Version:
1000.1000.1000.1000

MD5:
423b358206ccfd4d5a17e05a193dca05

SHA-1:
f32837ed6b082429d4e9497bb4a2e62df755f168

SHA-256:
488f7b252531d546e12a175b60d0fb9c8b4aa5e54880eb387d20ffe7a715baad

Scanner detections:
14 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/19/2018 2:55:03 AM UTC

Scan engine | Detection | Engine version
AegisLab AV Signature | Troj.W32.Gen | 2.1.4+
Avira AntiVirus | ADWARE/CrossRider.Gen4 | 7.11.177.224
avast! | Win32:Adware-gen [Adw] | 2014.9-141011
AVG | Generic | 2015.0.3275
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141011
ESET NOD32 | Win32/Toolbar.CrossRider.AV (variant) | 8.10544
Fortinet FortiGate | Riskware/CrossRider | 11/29/2014
Kaspersky | not-a-virus:WebToolbar.Win32.CroRi | 14.0.0.2870
McAfee | Artemis!423B358206CC | 5600.6981
Panda Antivirus | Trj/Genetic.gen | 14.11.29.10
Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015
Reason Heuristics | PUP.Crossrider.Task.g | 14.10.11.5
Sophos | Generic PUA PD | 4.98
VIPRE Antivirus | Crossrider | 33808

File size:
1.2 MB (1,256,448 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
FileProperties_OriginalFilename.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winservice86\5aba926d-25d2-4a2f-9c93-178df6a11891-6.exe

File PE Metadata
Compilation timestamp:
10/6/2014 10:37:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:3H2O1/qdM8y5EVxVARcUh2UuolgmZVHfTvpSntJRrwgXxjv:HqDVKczUrPTvpSntJRcgXxjv

Entry address:
0xA2A80

Entry point:
E8, D7, 03, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 70, 63, 50, 00, E8, 2A, 79, 00, 00, E8, FC, 55, 00, 00, 0F, B7, F0, 6A, 02, E8, 6A, 03, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 58, 8D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
814 KB (833,536 bytes)
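The PE metadata listed above (compilation timestamp, OS and linker version, subsystem, entry address and the bytes at the entry point) can be read from any PE32 file with a few struct reads. The script below is an added example written for this page, not code from Reason Core Security: it parses those headers, maps the entry RVA to a file offset through the section table, and decodes the leading x86 `call rel32` at the entry (`E8 D7 03 01 00` on this sample) into its target RVA. Because the sample itself cannot be shipped here, `build_sample_pe()` constructs a minimal stand-in image whose header values match the page (PE32, linker 11.0, OS 5.1, GUI subsystem, entry 0xA2A80); that image and its single-section layout are assumptions for the demo only.

```python
import struct
from datetime import datetime, timezone

# First 16 bytes the page lists at the entry point; they seed the constructed image.
ENTRY_BYTES = bytes.fromhex("E8 D7 03 01 00 E9 00 00 00 00 6A 14 68 70 63 50")
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_sample_pe(entry_rva=0xA2A80):
    """Constructed, loader-shaped PE32 with one .text section. It mirrors the
    page's header values but is NOT the sample itself (no real code inside)."""
    ts = int(datetime(2014, 10, 6, 10, 37, 30, tzinfo=timezone.utc).timestamp())
    sect_rva, raw_ptr, raw_size = entry_rva & ~0xFFF, 0x200, 0x1000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 11, 0,                                   # PE32, linker 11.0
                      raw_size, 0, 0, entry_rva, sect_rva, 0,
                      0x400000, 0x1000, 0x200,                        # base, alignments
                      5, 1, 0, 0, 5, 1,                               # OS 5.1, image, subsystem
                      0, sect_rva + 0x1000, raw_ptr, 0,               # sizes, checksum
                      2, 0,                                           # Windows GUI
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                                # 16 empty data directories
    sect = struct.pack(SECTION_FMT, b".text", 0x1000, sect_rva, raw_size, raw_ptr,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_ptr, b"\0")
    body = bytearray(raw_size)
    off = entry_rva - sect_rva
    body[off:off + len(ENTRY_BYTES)] = ENTRY_BYTES
    return headers + bytes(body)


def rva_to_offset(sections, rva):
    """Translate an RVA to a file offset using the section table."""
    for _, vsize, va, rsize, rptr, *_ in sections:
        if va <= rva < va + max(vsize, rsize):
            return rva - va + rptr
    raise ValueError("RVA 0x%X is not backed by any section" % rva)


def parse_pe(data, n_entry_bytes=16):
    """Extract the fields a triage page reports from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                    # optional header start
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = [struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)
                for i in range(nsect)]
    eoff = rva_to_offset(sections, entry_rva)
    entry = data[eoff:eoff + n_entry_bytes]
    # x86 `call rel32` (E8): target = RVA of the next instruction + signed displacement
    call_target = None
    if entry[:1] == b"\xE8":
        call_target = (entry_rva + 5 + struct.unpack_from("<i", entry, 1)[0]) & 0xFFFFFFFF
    return {
        "machine": machine,
        "timestamp": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
        "linker": (lmaj, lmin),
        "os_version": (os_maj, os_min),
        "subsystem": SUBSYSTEMS.get(subsystem, "0x%X" % subsystem),
        "entry_rva": entry_rva,
        "entry_bytes": ", ".join("%02X" % b for b in entry),
        "first_call_target": call_target,
    }


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in parse_pe(blob).items():
        print(key, value)
```

Run it on a real file with `python pe_triage.py <file>`. On this sample the first instruction is a `call` whose target works out to 0xB2E5C, the natural place to start disassembly; treat the compilation timestamp as a hint only, since TimeDateStamp is an unauthenticated header field that a packer or author can set freely.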

Scheduled Task
Task name:
5aba926d-25d2-4a2f-9c93-178df6a11891-6

Trigger:
Logon (Runs on logon)
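Hunting for this persistence on other hosts means reading the exported task definition rather than trusting the task name. The following is an added example (not the page's or Reason Core's code) that parses Task Scheduler XML, as produced by `schtasks /query /xml /tn <name>` or PowerShell's `Export-ScheduledTask`, flags logon/boot triggers and GUID-named executables like the one on this page, and hashes the action target against the page's SHA-256. The XML document embedded below is constructed to mirror this task, and `read_file` is injected so the check runs offline.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# SHA-256 the page reports for 5aba926d-25d2-4a2f-9c93-178df6a11891-6.exe.
KNOWN_BAD_SHA256 = {
    "488f7b252531d546e12a175b60d0fb9c8b4aa5e54880eb387d20ffe7a715baad":
        "5aba926d-25d2-4a2f-9c93-178df6a11891-6.exe (CrossRider adware, 14/68 detections)",
}
# Namespace used by Task Scheduler XML (schtasks /query /xml, Export-ScheduledTask).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# <GUID>.exe or <GUID>-<n>.exe, the naming pattern of the sample on this page.
GUID_EXE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}(-\d+)?\.exe$", re.I)

# Constructed export mimicking the page's task (not a real export from a host).
SAMPLE_TASK_XML = """<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger><Enabled>true</Enabled></LogonTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>"C:\\Program Files\\winservice86\\5aba926d-25d2-4a2f-9c93-178df6a11891-6.exe"</Command>
    </Exec>
  </Actions>
</Task>"""


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def parse_task(xml_text):
    """Reduce one task definition to its trigger kinds and the executed command."""
    root = ET.fromstring(xml_text)
    triggers_el = root.find("t:Triggers", NS)
    triggers = [] if triggers_el is None else [el.tag.split("}")[-1] for el in triggers_el]
    command = root.findtext("t:Actions/t:Exec/t:Command", default="", namespaces=NS)
    return {"triggers": triggers, "command": command.strip().strip('"')}


def triage_task(xml_text, read_file=None, known=KNOWN_BAD_SHA256):
    """Return findings for one task. read_file(path) -> bytes is injected so the
    function can run offline; on a host pass lambda p: open(p, "rb").read()."""
    task = parse_task(xml_text)
    findings = []
    if any(t in ("LogonTrigger", "BootTrigger") for t in task["triggers"]):
        findings.append("persistence: task fires at logon/boot")
    exe_name = task["command"].rsplit("\\", 1)[-1]
    if GUID_EXE.match(exe_name):
        findings.append("suspicious name: GUID-named executable " + exe_name)
    if read_file is not None:
        try:
            digest = sha256_hex(read_file(task["command"]))
        except OSError:
            findings.append("target missing on disk: " + task["command"])
        else:
            if digest in known:
                findings.append("hash match: " + known[digest])
    return findings


if __name__ == "__main__":
    for finding in triage_task(SAMPLE_TASK_XML):
        print(finding)
```

A missing target is itself worth reporting: an orphaned logon task whose binary has been deleted by a scanner still tells you the host was infected.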


The file 5aba926d-25d2-4a2f-9c93-178df6a11891-6.exe has been discovered within the following programs.

Browsers Apps +  by Bohr-ium Group
Browsers Apps + (Freeven) is an advertising supported browser extension, also known as adware, designed to deliver ads to the user's Internet browser as banners, contextual text-links and transitional ads.
crossrider.com/install/61787-browsers-app
82% remove it
Clip-High_D_06  by Kimahri Software inc.
Clip-High is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
82% remove it
HD+v2.1  by Vegeta Pop
HD+ is an adware Internet toolbar/extension that will deliver ads to the browser on web pages that are not affiliated with the ads or the extension.
83% remove it
PlusVid  by Kimahri Software inc.
This adware injects itself into the user's web browser (IE, Chrome and Firefox) and displays out-of-context advertising on web sites that are not associated with the software or its affiliate partners.
crossrider.com/install/57020-plusvid
83% remove it
SavePass  by Kimahri Software inc.
SavePass is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
84% remove it
SavePass 1.1  by Morgan Enter Mode
SavePass distributed by Brightcircle is a web browser extension that injects display advertising in the user's browser.
83% remove it
Sense  by Object Browser
Sense is a potentially unwanted web browser extension that will attempt to modify the user's home and search page settings as well as display advertisements in the browser. The software will attach to IE, Chrome and Firefox.
85% remove it
Senses  by Krance Development
Senses is a web browser extension that uses the CrossRider toolbar framework in order to inject display advertising in the user's browser.
83% remove it
The weDownloads Manager+  by Berta Brid Eco
This is a Brightcircle web browser extension that injects display advertising in the user's browser. Ads are displayed in the form of banners and contextual text-links and are both injected in white space areas of the HTML page or over existing ads of the underlying web site.
87% remove it
Torntv V9.0  by InstallDaddy Services Ltd.
This is a potentially unwanted program (PUP) that bundles various additional offers during setup, typically ad-supported (adware) in functionality.
88% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to ip-50-63-202-55.ip.secureserver.net (50.63.202.55:80)
TCP (HTTP): Connects to ip-184-168-221-35.ip.secureserver.net (184.168.221.35:80)
TCP (HTTP): Connects to ip-50-63-202-33.ip.secureserver.net (50.63.202.33:80)
TCP (HTTP): Connects to hwcdn.net (69.16.175.10:80)
TCP (HTTPS): Connects to ec2-54-76-152-192.eu-west-1.compute.amazonaws.com (54.76.152.192:443)
TCP (HTTP): Connects to s3-website-us-east-1.amazonaws.com (54.231.49.10:80)
TCP (HTTP): Connects to ip-50-63-202-59.ip.secureserver.net (50.63.202.59:80)
TCP (HTTP): Connects to ip-184-168-221-46.ip.secureserver.net (184.168.221.46:80)
TCP (HTTP): Connects to ip-184-168-221-33.ip.secureserver.net (184.168.221.33:80)
TCP (HTTPS): Connects to ec2-54-235-244-28.compute-1.amazonaws.com (54.235.244.28:443)
TCP (HTTPS): Connects to ec2-52-211-123-168.eu-west-1.compute.amazonaws.com (52.211.123.168:443)
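All of the destinations above sit in shared infrastructure (GoDaddy's secureserver.net hosting, AWS, the hwcdn.net CDN), so a destination IP alone is weak evidence; a match should require the same destination port and be scored accordingly. The script below is an added example, not Reason Core's code: it parses the page's own connection lines into indicators and runs them over constructed Zeek-style conn.log rows, reporting only IP-and-port matches and tagging every hit with the confidence the hostname suffix warrants.

```python
import re

# The connection list as printed on this page (copied from the page, one entry per line).
PAGE_CONNECTIONS = """
TCP (HTTP): Connects to ip-50-63-202-55.ip.secureserver.net (50.63.202.55:80)
TCP (HTTP): Connects to ip-184-168-221-35.ip.secureserver.net (184.168.221.35:80)
TCP (HTTP): Connects to ip-50-63-202-33.ip.secureserver.net (50.63.202.33:80)
TCP (HTTP): Connects to hwcdn.net (69.16.175.10:80)
TCP (HTTP SSL): Connects to ec2-54-76-152-192.eu-west-1.compute.amazonaws.com (54.76.152.192:443)
TCP (HTTP): Connects to s3-website-us-east-1.amazonaws.com (54.231.49.10:80)
TCP (HTTP): Connects to ip-50-63-202-59.ip.secureserver.net (50.63.202.59:80)
TCP (HTTP): Connects to ip-184-168-221-46.ip.secureserver.net (184.168.221.46:80)
TCP (HTTP): Connects to ip-184-168-221-33.ip.secureserver.net (184.168.221.33:80)
TCP (HTTP SSL): Connects to ec2-54-235-244-28.compute-1.amazonaws.com (54.235.244.28:443)
TCP (HTTP SSL): Connects to ec2-52-211-123-168.eu-west-1.compute.amazonaws.com (52.211.123.168:443)
"""
CONN_RE = re.compile(r"Connects to (\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)")

# Reverse-DNS suffixes that identify shared hosting/CDN/cloud ranges: a hit on
# these IPs is corroborating evidence only, since unrelated tenants use them too.
SHARED_SUFFIXES = ("secureserver.net", "amazonaws.com", "hwcdn.net")


def parse_iocs(text):
    """Map destination IP -> (hostname, port, confidence)."""
    iocs = {}
    for host, ip, port in CONN_RE.findall(text):
        shared = host.endswith(SHARED_SUFFIXES)
        iocs[ip] = (host, int(port), "low" if shared else "medium")
    return iocs


# Constructed Zeek-style conn.log rows: ts, uid, orig_h, orig_p, resp_h, resp_p, proto.
# Row Ck1d reuses a listed IP on port 22 and must NOT match.
SAMPLE_CONN_LOG = """\
1545184503.1\tCk1a\t10.0.0.15\t51022\t50.63.202.55\t80\ttcp
1545184504.7\tCk1b\t10.0.0.15\t51023\t93.184.216.34\t443\ttcp
1545184509.0\tCk1c\t10.0.0.22\t49801\t54.76.152.192\t443\ttcp
1545184511.3\tCk1d\t10.0.0.22\t49802\t54.76.152.192\t22\ttcp
"""


def scan_conn_log(lines, iocs):
    """Return one hit per row whose responder IP is listed; the port must also
    match, otherwise a shared-host IP serving something else is ignored."""
    hits = []
    for line in lines.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = line.split("\t")
        ioc = iocs.get(resp_h)
        if ioc and int(resp_p) == ioc[1]:
            hits.append({"ts": ts, "uid": uid, "src": orig_h, "dst": resp_h,
                         "port": ioc[1], "host": ioc[0], "confidence": ioc[2]})
    return hits


if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG, parse_iocs(PAGE_CONNECTIONS)):
        print(hit)
```

Every indicator on this page ends up tagged "low" because every host is shared infrastructure; use the hits to pick hosts for a scheduled-task and file-hash check rather than as a verdict on their own.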

Powered by Reason Core Security