b413f28ce0725e6d2365b1e6ca7d0c1dc74559118c79dda17453593a15e09f79

Plus-HD-9.11

Kimahri Software inc.

This adware is a web browser advertising injection extension built and distributed using the Crossrider platform. Once installed in the browser, it will hijack various browser settings (homepage, search) and may interfere with and track user behavior as well as deliver ads. The file b413f28ce0725e6d2365b1e6ca7d0c1dc74559118c79dda17453593a15e09f79 by Kimahri Software inc. has been detected as adware by 14 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.

Publisher:
Plus HDC  (signed by Kimahri Software inc.)

Product:
Plus-HD-9.11

Description:
Plus-HD-9.11 BHO

Version:
1000.1000.1000.1000

MD5:
8fd6e603f258eccba1e78a8b76da868d

SHA-1:
39931a7b03bd4bea2eaea1ddc33e75d666d18a85

SHA-256:
b413f28ce0725e6d2365b1e6ca7d0c1dc74559118c79dda17453593a15e09f79

Scanner detections:
14 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
5/6/2024 7:12:17 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-PUP/CrossRider | 2014.11.24 |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.188.94 |
| avast! | Win32:Crossrider-AK [PUP] | 2014.9-150604 |
| AVG | MultiBundle.S | 2016.0.3089 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.1564 |
| Comodo Security | ApplicUnwnt | 20181 |
| ESET NOD32 | Win64/Toolbar.Crossrider (variant) | 9.10771 |
| G Data | Win64.Adware.Crossrider | 15.6.24 |
| IKARUS anti.virus | AdWare.PlusHD | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.185.14113 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CroRi | 14.0.0.1938 |
| Panda Antivirus | PUP/PlusHD | 15.06.04.08 |
| Reason Heuristics | PUP.Brightcicrle.Brightcircle | 15.6.4.8 |
| VIPRE Antivirus | Crossrider | 35082 |

File size:
649.9 KB (665,448 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Plus-HD-9.11.dll

Language:
English (United States)

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/7/2013 1:00:00 AM

Valid to:
3/7/2016 12:59:59 AM

Subject:
CN=Kimahri Software inc., O=Kimahri Software inc., STREET=666 Sherbrooke Rue w, L=Montreal, S=Quebec, PostalCode=H3A 1E7, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A1BB8569950C0B2080A11A0E2F618B33

File PE Metadata
Compilation timestamp:
4/24/2014 5:22:46 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:iDN3Pmm8u91dBvRrl7z0W7BTdq5g5XsT4AuIhWx7WZ3TDKsrrTc7C/mt/hv/TPyw:2xB8T3y+G0mtFOZKWT9ryTzqRsceo4

Entry address:
0x4AC18

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 6B, D2, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 1C, F0, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF...

Entropy:
6.1608

Code size:
415.5 KB (425,472 bytes)