» appshat.exe
Overview
Analysis
File Details
Downloads (1)
Network (1)

appshat.exe

ColoColo Apps (Bright Circle Investments Ltd)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application appshat.exe by ColoColo Apps (Bright Circle Investments) has been detected as adware by 23 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dl.newinputinfoservice.com. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

appshat.exe

Publisher:

ColoColo Apps (Bright Circle Investments Ltd) (signed and verified)

MD5:

a280b22221e47e80ad325c8dd1d189d5

SHA-1:

68759a90eae41c04c56e67b63a0828e478d4728b

SHA-256:

09814ffe43220a60e4b388cd4a7471629e25c5d26382cca8b6182377cb7c3846

Scanner detections:

23 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/24/2024 3:16:03 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.173350

689

AhnLab V3 Security

PUP/Win32.CrossRider

2015.02.19

Avira AntiVirus

ADWARE/CrossRider.Gen4

7.11.205.162

avast!

Win32:Malware-gen

2014.9-150128

AVG

Generic

2016.0.3167

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.15318

Bitdefender

Gen:Variant.Adware.Graftor.173350

1.0.20.385

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.CrossRider.KI

21132

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.173350

8.15.03.18.12

ESET NOD32

Win32/Toolbar.CrossRider.BX potentially unwanted application

9.7.0.302.0

F-Prot

W32/S-3bb7e8cf

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Graftor.173350

11.2015-18-03_4

G Data

Gen:Variant.Adware.Graftor.173350

15.3.25

IKARUS anti.virus

Trojan-Dropper.Win32.Addrop

t3scan.1.8.6.0

K7 AntiVirus

Unwanted-Program

13.196.15015

Kaspersky

HEUR:Trojan-Downloader.Win32.Generic

14.0.0.2572

Malwarebytes

PUP.Optional.CrossRider.A

v2015.03.18.12

MicroWorld eScan

Gen:Variant.Adware.Graftor.173350

16.0.0.231

Panda Antivirus

Trj/Genetic.gen

15.03.18.12

Reason Heuristics

Adware.BrightCircle.ColoColoAppsBrightCircleInvestments

15.2.10.11

VIPRE Antivirus

Crossrider

37036

Zillya! Antivirus

Adware.CrossRider.Win32.2530

2.0.0.2073

File size:

196.5 KB (201,176 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\appshat.exe

Digital Signature

Signed by:

ColoColo Apps (Bright Circle Investments Ltd)

Authority:

COMODO CA Limited

Valid from:

12/16/2014 2:00:00 AM

Valid to:

12/17/2015 1:59:59 AM

Subject:

CN=ColoColo Apps (Bright Circle Investments Ltd), O=ColoColo Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00D815C7CD687694A6F4119A3535D31D7A

File PE Metadata

Compilation timestamp:

1/28/2015 1:08:16 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:t1VmAqH8dF/n1vPqn1G+LiYYivs1C8/ehoraNUX/+d73LGO:tuX8M1GQFvs1C8/ehoraNUXGZ3KO

Entry address:

0x11924

Entry point:

E8, 3D, 6A, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 54, 16, 33, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 01, 33, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 54, 16, 33, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00... 
[+]

Entropy:

6.5662

Code size:

146.5 KB (150,016 bytes)

The file appshat.exe has been seen being distributed by the following URL.

http://dl.newinputinfoservice.com/smt2b/all/hat/.../setup.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to hwcdn.net (69.16.175.42:80)

Remove appshat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.