b5a118db-9bc9-4db1-ad7e-835691923108-1-7.exe

Digit Network (Extreme White Limited)

The application b5a118db-9bc9-4db1-ad7e-835691923108-1-7.exe, “MyBrowser 1.0.2V27.10 exe” by Digit Network (Extreme White Limited), has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address hwcdn.net on port 80 using HTTP.
Publisher:
MyBrowser 1.0.2V27.10  (signed by Digit Network (Extreme White Limited))

Product:
MyBrowser 1.0.2V27.10

Description:
MyBrowser 1.0.2V27.10 exe

Version:
1000.1000.1000.1000

MD5:
e6cdb0ea64567bb07ba9b5788a9b6b36

SHA-1:
7ed0161752be50479004a59f0f174c8960284386

SHA-256:
592def453257cb22c97e131241d43a87bdb88ee6230ffecc92b5a399677a66d7

Scanner detections:
21 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
7/5/2025 6:49:30 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.cv1@m4CX@ziO | 463
AhnLab V3 Security | PUP/Win32.CrossRider | 2015.10.28
Avira AntiVirus | ADWARE/CrossRider.1094736 | 8.3.2.2
AVG | Generic_r | 2016.0.2941
Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.151030
Bitdefender | Gen:Application.Heur.cv1@m4CX@ziO | 1.0.20.1515
Bkav FE | W32.HfsAdware | 1.3.0.7383
Comodo Security | Application.Win32.CrossRider.CK | 23487
ESET NOD32 | Win32/Toolbar.CrossRider.CD potentially unwanted (variant) | 9.12476
F-Secure | Gen:Application.Heur.cv1@m4CX@ziO | 11.2015-30-10_6
G Data | Gen:Application.Heur.cv1@m4CX@ziO | 15.10.25
K7 AntiVirus | Unwanted-Program | 13.212.17671
Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.1200
Malwarebytes | PUP.Optional.MyBrowser | v2015.10.30.01
MicroWorld eScan | Gen:Application.Heur.cv1@m4CX@ziO | 16.0.0.909
NANO AntiVirus | Trojan.Win32.Agent.dvtooz | 0.30.26.3947
Panda Antivirus | Trj/Genetic.gen | 15.10.30.01
Reason Heuristics | Adware.Crossrider.ExtremeWhite (M) | 15.10.30.1
Rising Antivirus | PE:PUF.CrossRider!1.A157 [F] | 23.00.65.151028
SUPERAntiSpyware | Adware.CrossRider/Variant | 9539
VIPRE Antivirus | Crossrider | 44864

File size:
1 MB (1,094,736 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
MyBrowser 1.0.2V27.10.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mybrowser 1.0.2v27.10\b5a118db-9bc9-4db1-ad7e-835691923108-1-7.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/14/2015 9:00:00 PM

Valid to:
4/14/2016 8:59:59 PM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
10/27/2015 6:04:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:a98r8xJarkkLtMpUQBoRP1ouQJLIcypScbCTao:arwkkL0UbSuQOcypScbCTao

Entry address:
0x9B3EB

Entry point:
E8, DE, 00, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 0C, 57, 85, C9, 0F, 84, 92, 00, 00, 00, 56, 53, 8B, D9, 8B, 74, 24, 14, F7, C6, 03, 00, 00, 00, 8B, 7C, 24, 10, 75, 0B, C1, E9, 02, 0F, 85, 85, 00, 00, 00, EB, 27, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 83, E9, 01, 74, 2B, 84, C0, 74, 2F, F7, C6, 03, 00, 00, 00, 75, E5, 8B, D9, C1, E9, 02, 75, 61, 83, E3, 03, 74, 13, 8A, 06, 83, C6, 01, 88, 07, 83, C7, 01, 84, C0, 74, 37, 83, EB, 01, 75, ED, 8B, 44, 24, 10, 5B...
 

Code size:
761 KB (779,264 bytes)

Scheduled Task
Task name:
b5a118db-9bc9-4db1-ad7e-835691923108-1-7

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.49.233:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)
