8897.exe

CinemaPlus-3.2cV06.07

Digit Network (Extreme White Limited)

The application 8897.exe, “CinemaPlus-3.2cV06.07 Installer” by Digit Network (Extreme White Limited) has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dl.staticclientstorage.com.
Publisher:
Cinema PlusV06.07  (signed by Digit Network (Extreme White Limited))

Product:
CinemaPlus-3.2cV06.07

Description:
CinemaPlus-3.2cV06.07 Installer

Version:
1.36.01.22

MD5:
ead1cb639ffb756354e9cf8001c47b72

SHA-1:
0809f3a97c5ad840c19ad79fbe1659d5f59f7aef

SHA-256:
1686e05d5987a97df738b0005afdefd4777b0d27e730bffa4c425e2d6dd18725

Scanner detections:
19 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/23/2024 9:59:50 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.ScrambleWrapper | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.07.07 |
| Avira AntiVirus | ADWARE/CrossRider.Gen7 | 8.3.1.6 |
| avast! | Win32:ScrambleWrapper-A [PUP] | 2014.9-150707 |
| AVG | AdLoad | 2016.0.3056 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Clam AntiVirus | Win.Trojan.Crossrider-36 | 0.98/21511 |
| Dr.Web | Trojan.Lyrics.645 | 9.0.1.0188 |
| ESET NOD32 | Win32/Packed.ScrambleWrapper.O potentially unwanted (variant) | 9.11898 |
| IKARUS anti.virus | PUA.ScrambleWrapper | t3scan.1.9.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.205.16474 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.1774 |
| Malwarebytes | | v2015.07.07.04 |
| NANO AntiVirus | Trojan.Win32.MLW.dpnylv | 0.30.24.2487 |
| Panda Antivirus | PUP/HQVideoPro | 15.07.07.04 |
| Reason Heuristics | PUP.ExtremeWhite.DigitNetworkExtremeWhiteLimited.Installer (M) | 15.7.7.4 |
| Rising Antivirus | PE:Malware.Adwapper!6.25A8 | 23.00.65.15705 |
| Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 41774 |

File size:
13.6 MB (14,259,624 bytes)

Copyright:
Copyright Cinema PlusV06.07

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\8897.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/14/2015 9:00:00 PM

Valid to:
4/14/2016 8:59:59 PM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
12/4/2012 10:55:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
393216:xCUZFe4hFSyOlHujDsYQMU7uAgq7mEtvVaC9R+8E:QEeySHluHs9M0r/7miIC9RS

Entry address:
0x412D

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 73, 45, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 74, 45, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 74, 45, 00, 56, A3, F4, E7, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, E8, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 74, 45, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 

Code size:
33.5 KB (34,304 bytes)

The file 8897.exe has been seen being distributed by the following URL.
