93dee4e5-3afd-4154-8946-08f2b5c75d55-5.exe

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisements on web pages not affiliated with the extension or company. The extension injects these unwanted advertisements into the browser in the form of common ad types such as banners and text links. The application 93dee4e5-3afd-4154-8946-08f2b5c75d55-5.exe by Robokid Technologies has been detected as adware by 24 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program V-9.1HD by Evangelion Group, which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
V-9.1HD  (signed by Robokid Technologies)

Product:
V-9.1HD

Description:
V-9.1HD exe

Version:
1000.1000.1000.1000

MD5:
f4aa265b30ef593ff8ee25a48962bb58

SHA-1:
a2db5f89181da5c580ac8191199f3a26276b93af

SHA-256:
fbbf150faf6442baa868049ccdef543ddd230d155f836aa2aa234dc9d3c2df86

Scanner detections:
24 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/24/2024 10:16:08 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.444130 | 835 |
| AegisLab AV Signature | Troj.W32.Vilsel | 2.1.4+ |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2014.10.23 |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.180.154 |
| avast! | Win32:Crossrider-AG [PUP] | 141023-1 |
| AVG | Generic | 2015.0.3313 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141022 |
| Bitdefender | Gen:Variant.Adware.Kazy.444130 | 1.0.20.1475 |
| Dr.Web | Trojan.Crossrider.32358 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.444130 | 8.14.10.22.05 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AH potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-9ad4719b | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Kazy.444130 | 11.2014-22-10_4 |
| G Data | Gen:Variant.Adware.Kazy.444130 | 14.10.24 |
| K7 AntiVirus | Unwanted-Program | 13.184.13741 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CroRi | 15.0.0.494 |
| Malwarebytes | PUP.Optional.PlusH.A | v2014.10.22.05 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.444130 | 15.0.0.885 |
| NANO AntiVirus | Riskware.Win32.CrossRider.ddyjsa | 0.28.2.62841 |
| Reason Heuristics | PUP.Crossrider.Task.g | 14.10.22.17 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.141020 |
| Sophos | AppRider | 4.98 |
| VIPRE Antivirus | Threat.4789396 | 33706 |
| Zillya! Antivirus | Adware.CroRi.Win32.218 | 2.0.0.1964 |

File size:
482 KB (493,592 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
V-9.1HD.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\v-9.1hd\93dee4e5-3afd-4154-8946-08f2b5c75d55-5.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/23/2014 1:00:00 AM

Valid to:
6/24/2015 12:59:59 AM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
7/19/2014 11:03:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Azzscj+HhX6Y9gfBvCZ1EOPRNnUwuSTvHfSsod8dv0QaT1V1TNPpTB5DLqpymw:AHmhX6Y9gfU7EOPRNH/SsPdNq15pTnPB

Entry address:
0x3E9A6

Entry point:
E8, 0F, CB, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 50, 58, 47, 00, E8, 04, 4A, 00, 00, E8, 78, 1D, 00, 00, 0F, B7, F0, 6A, 02, E8, A2, CA, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, EE, 7C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4843

Code size:
384.5 KB (393,728 bytes)

Scheduled Task
Task name:
93dee4e5-3afd-4154-8946-08f2b5c75d55-5

Trigger:
Logon (Runs on logon)


The file 93dee4e5-3afd-4154-8946-08f2b5c75d55-5.exe has been discovered within the following program.

V-9.1HD  by Evangelion Group
Plus-HD-9.1c (Freeven) is an adware program that runs within the user's web browser and will modify various browser settings such as changing the search provider.
crossrider.com/install/61776-plus-hd-9-1c
86% remove it
 
Powered by Should I Remove It?
