home

5eec38c5-5ac4-41c1-b52a-6c56e2708a69-2.exe

videosMediaPlayersversion2.1LProductVersion

Railroad Party Apps

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application 5eec38c5-5ac4-41c1-b52a-6c56e2708a69-2.exe, “videosMediaPlayersversion2.1 exeHFileVersion” by Railroad Party Apps has been detected as adware by 35 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
enter  (signed by Railroad Party Apps)

Product:
videosMediaPlayersversion2.1LProductVersion

Description:
videosMediaPlayersversion2.1 exeHFileVersion

Version:
1000.1000.1000.1000

MD5:
43510b34fe7348d454f1976cb8d223c5

SHA-1:
c47fb0fc91c709db8b664e7f798efcef907418f2

Scanner detections:
35 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/23/2024 11:27:32 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Heur.5u1@mWPR25jO
675

AhnLab V3 Security
PUP/Win32.CrossRider
2015.03.29

Avira AntiVirus
ADWARE/CrossRider.Gen4
7.11.182.28

avast!
Win32:Crossrider-AI [PUP]
2014.9-150401

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.1541

Bitdefender
Gen:Application.Heur.5u1@mWPR25jO
1.0.20.455

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
ApplicUnwnt
21575

Dr.Web
Trojan.Crossrider.37573
9.0.1.091

ESET NOD32
Win32/Toolbar.CrossRider.AY (variant)
9.10639

Fortinet FortiGate
W32/GoogUpdate.AY!tr
4/1/2015

F-Prot
W32/S-a64d6097
v6.4.7.1.166

F-Secure
Gen:Application.Heur.5u1@mWPR25jO
11.2015-01-04_4

G Data
Win32.Adware.Crossrider
15.4.24

herdProtect (fuzzy)
variant of 365ab92e-4645-4484-b203-92e8a98ffd04-2.exe (Adware)
2015.7.6.3

K7 AntiVirus
Unwanted-Program
13.185.13840

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
14.0.0.2259

Malwarebytes
PUP.Optional.BrowserApp.A
v2015.04.01.06

McAfee
Artemis!43510B34FE73
5600.6809

Microsoft Security Essentials
BrowserModifier:Win32/IeEnablerCby
1.1.11502.0

MicroWorld eScan
Gen:Application.Heur.5u1@mWPR25jO
16.0.0.273

NANO AntiVirus
Trojan.Win32.Crossrider.dhzzlp
0.30.8.659

nProtect
Trojan/W32.Agent.934304.B
15.03.27.01

Panda Antivirus
Trj/Genetic.gen
15.04.01.06

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Quick Heal
PUA.BrightCircle.OD6
4.15.14.00

Reason Heuristics
Adware.Crossrider.Task.Brightcircle
15.4.1.6

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.15330

Sophos
AppRider
4.98

SUPERAntiSpyware
Adware.CrossRider/Variant
9962

Trend Micro House Call
TROJ_GEN.F0C2C00BD15
7.2.91

Trend Micro
TROJ_GEN.F0C2C00BD15
10.465.01

Vba32 AntiVirus
AdWare.Adwapper
3.12.26.3

VIPRE Antivirus
Crossrider
34342

Zillya! Antivirus
Trojan.GoogUpdate.Win32.4202
2.0.0.2120

File size:
912.4 KB (934,304 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
videosMediaPlayersversion2.1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\videosmediaplayersversion2.1\5eec38c5-5ac4-41c1-b52a-6c56e2708a69-2.exe

Digital Signature
Signed by:
Railroad Party Apps

Authority:
COMODO CA Limited

Valid from:
10/20/2014 3:00:00 AM

Valid to:
10/21/2015 2:59:59 AM

Subject:
CN=Railroad Party Apps, O=Railroad Party Apps, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
066FE8567876E15A3F87AB41B136D294

File PE Metadata
Compilation timestamp:
10/29/2014 10:36:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:iI1fsxIr4WqMxw8CTRxPVvdP+VdlrW34rAkah2MnsW95Unn23pSQA+pTRD:iI1IIaMxwlTzPVL1Bh2Mnt13pSQLTB

Entry address:
0x83B90

Entry point:
E8, 8B, B3, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, AA, 4D, 00, E8, AA, 50, 00, 00, E8, 32, 45, 00, 00, 0F, B7, F0, 6A, 02, E8, 1E, B3, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, B4, 56, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.5959

Code size:
643.5 KB (658,944 bytes)

Scheduled Task
Task name:
5eec38c5-5ac4-41c1-b52a-6c56e2708a69-2

Path:
C:\WINDOWS\Tasks\5eec38c5-5ac4-41c1-b52a-6c56e2708a69-2.job

Trigger:
Logon (Runs on logon)


Remove 5eec38c5-5ac4-41c1-b52a-6c56e2708a69-2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.