home

89a59954-1b4a-493c-bfe1-0c6c19aa83b7.exe

HQube-V1.6

Evangelion Group

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and will deliver advertisements to the web browser in various formats such as banner, text hyper-links, inline text and transitional ads. The application 89a59954-1b4a-493c-bfe1-0c6c19aa83b7.exe by Evangelion Group has been detected as adware by 19 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
HQFree  (signed by Evangelion Group)

Product:
HQube-V1.6

Description:
HQube-V1.6 exe

Version:
1000.1000.1000.1000

MD5:
62e7a42965bbbcc058c2a17b62d505d2

SHA-1:
147b49f27aceb12ec1236d8eeb028cf4e927886b

SHA-256:
632e08c01c454aac70af50655ec6838629a9e457a9b9bdf90b1c5c0c72c2a312

Scanner detections:
19 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/25/2024 2:51:27 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Symmi.27043
865

Avira AntiVirus
Adware/CrossRider.pl
7.11.168.254

avast!
Win32:Crossrider-M [PUP]
140813-1

Bitdefender
Gen:Variant.Symmi.27043
1.0.20.1325

Dr.Web
Trojan.Crossrider.30105
9.0.1.0265

Emsisoft Anti-Malware
Gen:Variant.Symmi.27043
8.14.09.22.02

ESET NOD32
Win32/Toolbar.CrossRider.AG potentially unwanted application
7.0.302.0

F-Secure
Gen:Variant.Symmi.27043
11.2014-22-09_2

G Data
Gen:Variant.Symmi.27043
14.9.24

Kaspersky
Trojan.NSIS.GoogUpdate
15.0.0.494

Malwarebytes
PUP.Optional.CinemaHD.A
v2014.09.22.02

McAfee
Artemis!B990310807E5
5600.6999

MicroWorld eScan
Gen:Variant.Symmi.27043
15.0.0.795

NANO AntiVirus
Trojan.Win32.GoogUpdate.dedeay
0.28.2.61721

Panda Antivirus
Trj/Genetic.gen
14.09.22.02

Qihoo 360 Security
Win32/Virus.Adware.960
1.0.0.1015

Reason Heuristics
PUP.EvangelionGroup.e
14.8.22.20

Sophos
Generic PUA MK
4.98

VIPRE Antivirus
Threat.4789396
32210

File size:
349.9 KB (358,256 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HQube-V1.6.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hqube-v1.6\89a59954-1b4a-493c-bfe1-0c6c19aa83b7.exe

Digital Signature
Signed by:
Evangelion Group

Authority:
COMODO CA Limited

Valid from:
7/27/2014 7:00:00 PM

Valid to:
7/28/2015 6:59:59 PM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata
Compilation timestamp:
8/21/2014 5:02:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Bn8ZbThPHu54cIOYU76hd+qGsORcO5wEpTBZOOw159Am:BETU54xOY5hd7JaKEpTbOOhm

Entry address:
0x25252

Entry point:
E8, 46, AD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75...
 
[+]

Entropy:
6.4143

Code size:
255 KB (261,120 bytes)

Scheduled Task
Task name:
89a59954-1b4a-493c-bfe1-0c6c19aa83b7

Trigger:
Logon (Runs on logon)

Action:
89a59954-1b4a-493c-bfe1-0c6c19aa83b7.exe \agentregpath='hqube-v1.6' \appid=61768 \srcid='00


Remove 89a59954-1b4a-493c-bfe1-0c6c19aa83b7.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.