» b83c3cfd-9ef6-4d21-b6f3-fecde40e0e51-10.exe
Overview
Analysis
File Details
Programs (1)

b83c3cfd-9ef6-4d21-b6f3-fecde40e0e51-10.exe

Clip-High_D_06

Kimahri Software inc.

This adware uses the Crossrider platform to build and distribute this web browser advertising injection extension. Once installed in the browser it will hijack various browser settings (homepage, search) and may interfere and track behaviors as well as deliver ads. The application b83c3cfd-9ef6-4d21-b6f3-fecde40e0e51-10.exe, “Clip-High_D_06 exe” by Kimahri Software inc has been detected as adware by 9 anti-malware scanners. This file is typically installed with the program Clip-High_D_06 by Kimahri Software inc. which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

BNT_D (signed by Kimahri Software inc.)

Product:

Clip-High_D_06

Description:

Clip-High_D_06 exe

Version:

1000.1000.1000.1000

MD5:

4a199784615f181ec172bdf311f33623

SHA-1:

e831b838816de450a4c1112510b25ad70d66fa0a

SHA-256:

b8dfa0be9243f66a6c463d76755bf1dd672b96966f7363c47ef82ebfe11feb28

Scanner detections:

9 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

5/8/2024 2:14:29 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/CrossRider.Gen2

7.11.165.22

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.15104

ESET NOD32

Win32/Toolbar.CrossRider.AG (variant)

9.10197

G Data

Win32.Application.Plush

15.10.24

IKARUS anti.virus

not-a-virus:WebToolbar.CrossRider

t3scan.1.6.1.0

Malwarebytes

PUP.Optional.ClipHD.A

v2015.10.04.12

Panda Antivirus

PUP/PlusHD

15.10.04.12

Reason Heuristics

Adware.Crossrider.Brightcircle (M)

15.10.4.0

VIPRE Antivirus

Crossrider

31886

File size:

328.4 KB (336,232 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Clip-High_D_06.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\clip-high_d_06\b83c3cfd-9ef6-4d21-b6f3-fecde40e0e51-10.exe

Digital Signature

Signed by:

Kimahri Software inc.

Authority:

COMODO CA Limited

Valid from:

3/6/2013 4:00:00 PM

Valid to:

3/6/2016 3:59:59 PM

Subject:

CN=Kimahri Software inc., O=Kimahri Software inc., STREET=666 Sherbrooke Rue w, L=Montreal, S=Quebec, PostalCode=H3A 1E7, C=CA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A1BB8569950C0B2080A11A0E2F618B33

File PE Metadata

Compilation timestamp:

7/12/2014 3:01:56 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:+ac51B8INfaBJfATvKhz7CESXuNu8WpTBRLd1JqSqo0Ls8D:+aI6JfA2hz7JyGWpTvLd1+

Entry address:

0x2545B

Entry point:

E8, 53, AD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9... 
[+]

Entropy:

6.4375

Code size:

237 KB (242,688 bytes)

The file b83c3cfd-9ef6-4d21-b6f3-fecde40e0e51-10.exe has been discovered within the following program.

Clip-High_D_06 by Kimahri Software inc.

Clip-High is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

82% remove it

Remove b83c3cfd-9ef6-4d21-b6f3-fecde40e0e51-10.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.