b237092c-44da-4d02-bc4b-e1762a890620-11.exe

Torpedo

Motoko Group

This adware uses the Crossrider extension platform to inject advertisements into the web browser and may modify core browser settings. Ads are delivered as banners and contextual text links and may promote other potentially unwanted software. The application b237092c-44da-4d02-bc4b-e1762a890620-11.exe by Motoko Group has been detected as adware by 20 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built with the Crossrider cross-browser extension toolkit; although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
Motoko Group  (signed and verified)

Product:
Torpedo

Version:
1.0.0.0

MD5:
b5addbb77bd97a4457341e2b5ab85fa1

SHA-1:
5908ab360ba38879c4124fa8d5b2b571fa68dcb4

SHA-256:
43a56d5a9328d697f484f377414fd0d9714c5216815f99210c4285f1172be107

Scanner detections:
20 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
5/7/2024 8:43:27 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Crossrider.AQ | 838
Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.173.16
AVG | Generic | 2015.0.3316
Baidu Antivirus | Adware.Win32.GoogUpdate | 4.0.3.141019
Bitdefender | Adware.Crossrider.AQ | 1.0.20.1460
Dr.Web | Trojan.Crossrider.28707 | 9.0.1.0292
Emsisoft Anti-Malware | Adware.Crossrider.AQ | 8.14.10.19.03
F-Secure | Adware.Crossrider.AQ | 11.2014-19-10_1
G Data | Adware.Crossrider.AQ | 14.10.24
IKARUS anti.virus | Trojan.GoogUpdate | t3scan.1.7.8.0
Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3077
McAfee | Artemis!B5ADDBB77BD9 | 5600.6972
MicroWorld eScan | Adware.Crossrider.AQ | 15.0.0.876
nProtect | Trojan/W32.Agent.31592.E | 14.09.17.01
Panda Antivirus | Trj/Chgt.C | 14.10.19.03
Reason Heuristics | PUP.Task.MotokoGroup.h | 14.10.19.15
Trend Micro House Call | Suspicious_GEN.F47V0816 | 7.2.292
Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 33212
Zillya! Antivirus | Trojan.GoogUpdate.Win32.2701 | 2.0.0.1926

File size:
30.9 KB (31,592 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
TorpedoCh.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hd-v1.9\b237092c-44da-4d02-bc4b-e1762a890620-11.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
7/25/2014 6:06:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:n+V8LlpsImHicBNqJgOhyi959NepeXwhygfnrXt:nGOliImAJNyFcCySrXt

Entry address:
0x7E0E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
24 KB (24,576 bytes)

Scheduled Task
Task name:
b237092c-44da-4d02-bc4b-e1762a890620-11

Trigger:
Logon (Runs on logon)

