home

6310a65f-b32b-4972-97ed-92b30eb334bc.exe

CineDPV2

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisments on web pages not affiliated by the extension or company. These unwanted advertisements are injected by the extension in the browser in the form of common ad types such as banners and text-links. The application 6310a65f-b32b-4972-97ed-92b30eb334bc.exe by Robokid Technologies has been detected as adware by 13 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
CineDP  (signed by Robokid Technologies)

Product:
CineDPV2

Description:
CineDPV2 exe

Version:
1000.1000.1000.1000

MD5:
eba52f6cdc7a7d54a0cad58e25f391b0

SHA-1:
7aa2cf6393aa7e881159f9d81eb983f13d11308e

SHA-256:
26b877b5501aceaccd9118beeb35a5b6fd6ba494887c6abe02f27d9f68129a0e

Scanner detections:
13 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/25/2024 8:55:00 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/CrossRider.Gen2
7.11.170.148

avast!
Win32:Adware-gen [Adw]
2014.9-140902

AVG
Generic
2015.0.3363

Baidu Antivirus
PUA.Win32.CrossRider
4.0.3.14107

ESET NOD32
Win32/Toolbar.CrossRider.AG potentially unwanted application
7.0.302.0

Kaspersky
Trojan.NSIS.GoogUpdate
14.0.0.3136

Malwarebytes
PUP.Optional.InfoHD.A
v2014.10.07.07

McAfee
Artemis!FADA36503DBC
5600.6984

Panda Antivirus
Trj/Genetic.gen
14.09.02.06

Qihoo 360 Security
Win32/Virus.Adware.960
1.0.0.1015

Reason Heuristics
PUP.Crossrider.RobokidTechnologies.e
14.9.2.15

Sophos
AppRider
4.98

VIPRE Antivirus
Threat.4789396
32210

File size:
357.5 KB (366,104 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CineDPV2.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinedpv2\6310a65f-b32b-4972-97ed-92b30eb334bc.exe

Digital Signature
Signed by:
Robokid Technologies

Authority:
COMODO CA Limited

Valid from:
6/23/2014 1:00:00 AM

Valid to:
6/24/2015 12:59:59 AM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
9/2/2014 11:01:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:2O8HrXKKTQvQPZ4J2EtWEeAzepTBa4RsCsA:2lHrGviyIsEAzepTEeh

Entry address:
0x269D2

Entry point:
E8, 44, AD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75...
 
[+]

Entropy:
6.4017

Code size:
264 KB (270,336 bytes)

Scheduled Task
Task name:
6310a65f-b32b-4972-97ed-92b30eb334bc

Trigger:
Logon (Runs on logon)

Action:
6310a65f-b32b-4972-97ed-92b30eb334bc.exe \agentregpath='cinedpv2' \appid=58356 \srcid='0019


Remove 6310a65f-b32b-4972-97ed-92b30eb334bc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.