addplushd-chromeinstaller.exe

addplushd

hdideo

The application addplushd-chromeinstaller.exe has been detected as adware by 3 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. The file uses the Crossrider browser extension platform. ChromeInstaller is the component designed to install and manage the extension's Google Chrome integration. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.
Publisher:
hdideo

Product:
addplushd

Description:
addplushd exe

Version:
1000.1000.1000.1000

MD5:
2988a9242708f8fbf3806fafabeeabd5

SHA-1:
b3c124a95828ad9339c296ff1916a801c3467a25

SHA-256:
fcd3a43d07c6801adfd9ebdfb165deee84de08d90a65a42b403ab688c48e2425

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Google Chrome.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
5/21/2024 11:29:48 PM UTC

Scan engine | Detection | Engine version
Malwarebytes | PUP.Optional.AddPusHD.A | v2014.03.26.11
Reason Heuristics | PUP.Crossrider.hdideo.Z | 14.3.26.9
VIPRE Antivirus | Crossrider | 27754

File size:
2 MB (2,051,584 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
addplushd.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\addplushd\addplushd-chromeinstaller.exe

File PE Metadata
Compilation timestamp:
3/10/2014 8:04:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:IibYKzvp4B6PAj3osVuBcx4O+4DGR1pSIkfTcUzn+nPRx:IisK14B6PAj3osVZyOx

Entry address:
0xFFE74

Entry point:
E8, 50, 09, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 83, 0A, 01, 00, 3B, 30, 7C, 07, E8, 7A, 0A, 01, 00, 8B, 30, E8, 6D, 0A, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, A7, 5D, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 30, 30, 56, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, FA, 30, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 30, 30, 56, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 73, EC...
 

Code size:
1.1 MB (1,199,616 bytes)

Scheduled Task
Task name:
addplushd-chromeinstaller

Trigger:
Logon (Runs on logon)

Action:
addplushd-chromeinstaller.exe \rawdata=tlf1k99mrmyn9tjkfc0p5irkkzm1pjitwxrakg14y


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/003817/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
