b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-3.exe

HDvid-Codec V9.0

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-3.exe, “HDvid-Codec V9.0 exe” by CoolMirage, has been detected as adware by 26 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program HDvid-Codec V9.0 by CoolMirage Ltd., which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
installdaddy  (signed by CoolMirage Ltd.)

Product:
HDvid-Codec V9.0

Description:
HDvid-Codec V9.0 exe

Version:
1000.1000.1000.1000

MD5:
cfe6a567fda33be283b7b7560eafa79d

SHA-1:
41fcfd0d7adc8034210afc4f806df05921bb6a84

SHA-256:
06c78294b90f4b1b0186d738c5822cd66686f36cfb6b098e34cd511267193c6f

Scanner detections:
26 / 68

Status:
Adware

Explanation:
InstallDaddy bundles adware such as toolbars and unwanted browser extensions.

Analysis date:
4/26/2024 1:35:12 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.374062 | 922
Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1
Avira AntiVirus | Adware/CrossRider.A.7773 | 7.11.158.168
Baidu Antivirus | Adware.Win32.AdLoad | 4.0.3.14727
Bitdefender | Gen:Variant.Adware.Kazy.374062 | 1.0.20.1040
Clam AntiVirus | Win.Adware.Plush-25 | 0.98/21411
Comodo Security | ApplicUnwnt | 18783
Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.374062 | 8.14.07.27.09
ESET NOD32 | Win32/Toolbar.CrossRider.AK (variant) | 8.10052
Fortinet FortiGate | Riskware/Toolbar_CrossRider | 7/27/2014
F-Secure | Gen:Variant.Adware.Kazy.374062 | 11.2014-27-07_1
G Data | Gen:Variant.Adware.Kazy.374062 | 14.7.24
IKARUS anti.virus | not-a-virus:AdWare.AdLoad | t3scan.1.6.1.0
Kaspersky | not-a-virus:AdWare.Win32.AdLoad | 14.0.0.3496
Malwarebytes | PUP.Optional.HDvidCodec.A | v2014.07.27.09
McAfee | Artemis!CFE6A567FDA3 | 5600.7056
MicroWorld eScan | Gen:Variant.Adware.Kazy.374062 | 15.0.0.624
NANO AntiVirus | Riskware.Win32.AdLoad.dazsfm | 0.28.0.60577
Panda Antivirus | PUP/MultiToolbar.A | 14.07.27.09
Qihoo 360 Security | Win32/Virus.Adware.dc1 | 1.0.0.1015
Quick Heal | AdWare.AdLoad.g5 (Not a Virus) | 7.14.14.00
Reason Heuristics | PUP.Task.CoolMirage.g | 14.8.7.17
Sophos | Generic PUA EB | 4.98
Trend Micro House Call | TROJ_SPNR.0BFI14 | 7.2.208
Trend Micro | TROJ_SPNR.0BFI14 | 10.465.27
VIPRE Antivirus | Crossrider | 31014

File size:
1.8 MB (1,900,928 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HDvid-Codec V9.0.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hdvid-codec v9.0\b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-3.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/5/2013 11:00:00 PM

Valid to:
6/6/2014 10:59:59 PM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
6/8/2014 9:08:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:Hmd3LiggN3aDjV5n/r+2gB8pSm9T64Uzn+nPRxW:Hq3HgNKHH/rQV

Entry address:
0xE1F64

Entry point:
E8, 33, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 66, 01, 01, 00, 3B, 30, 7C, 07, E8, 5D, 01, 01, 00, 8B, 30, E8, 50, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 27, 5E, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 40, 26, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7A, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 40, 26, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, F3, EC...

Entropy:
6.8630

Code size:
1 MB (1,079,808 bytes)

Scheduled Task
Task name:
b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-3

Trigger:
Logon (Runs on logon)

Action:
b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-3.exe \yzswm=puzvgxfqvh1iup10pdgbs2non0h90oxcrfiaa+qez8l


The file b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-3.exe has been discovered within the following program.

HDvid-Codec V9.0  by CoolMirage Ltd.
HDVidCodec is an adware (advertising-supported) web browser application that is designed to display banner ads as well as contextual link ads (such as hyperlinks the user will see underlined).
www.coolmirage.com
80% remove it