b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-4.exe

HDvid-Codec V9.0

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-4.exe, “HDvid-Codec V9.0 exe” by CoolMirage, has been detected as adware by 24 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program HDvid-Codec V9.0 by CoolMirage Ltd., which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
installdaddy  (signed by CoolMirage Ltd.)

Product:
HDvid-Codec V9.0

Description:
HDvid-Codec V9.0 exe

Version:
1000.1000.1000.1000

MD5:
6deb28a2b9665fa0e7f93eadc054015c

SHA-1:
e6fcf4a09f0c1ad3c92e4555ecf30b19ad9d3de1

SHA-256:
75f169f524b20914996ef27a058af9a26ffb0eb18be10c91e613e4358f4ffc3b

Scanner detections:
24 / 68

Status:
Adware

Explanation:
InstallDaddy bundles adware such as toolbars and unwanted browser extensions.

Analysis date:
4/24/2024 9:43:53 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Generic.953958 | 922 |
| Agnitum Outpost | PUA.AdLoad | 7.1.1 |
| Avira AntiVirus | Adware/CrossRider.A.7867 | 7.11.158.168 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14727 |
| Bitdefender | Adware.Generic.953958 | 1.0.20.1040 |
| Bkav FE | W32.CrossRiderP.Adware | 1.3.0.4959 |
| Comodo Security | ApplicUnwnt | 18783 |
| Emsisoft Anti-Malware | Adware.Generic.953958 | 8.14.07.27.09 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AK (variant) | 8.10052 |
| Fortinet FortiGate | Adware/Adload | 7/27/2014 |
| F-Secure | Adware.Generic.953958 | 11.2014-27-07_1 |
| G Data | Adware.Generic.953958 | 14.7.24 |
| K7 AntiVirus | Unwanted-Program | 13.180.12626 |
| Kaspersky | not-a-virus:AdWare.Win32.AdLoad | 14.0.0.3496 |
| Malwarebytes | PUP.Optional.HDvidCodec.A | v2014.07.27.09 |
| MicroWorld eScan | Adware.Generic.953958 | 15.0.0.624 |
| NANO AntiVirus | Riskware.Win32.AdLoad.dazujs | 0.28.0.60577 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.07.27.09 |
| Qihoo 360 Security | Win32/Virus.Adware.fec | 1.0.0.1015 |
| Reason Heuristics | PUP.Task.CoolMirage.g | 14.8.7.17 |
| Sophos | Generic PUA OG | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1B01FK14 | 7.2.208 |
| Vba32 AntiVirus | AdWare.AdLoad | 3.12.26.3 |
| VIPRE Antivirus | Crossrider | 31014 |

File size:
816.9 KB (836,480 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HDvid-Codec V9.0.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hdvid-codec v9.0\b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-4.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/5/2013 11:00:00 PM

Valid to:
6/6/2014 10:59:59 PM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
6/8/2014 9:06:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:Ok9eD6lPN4m4IZ/3jngCxjggXeq1tRHUnX74tcTZuHLIVdwdpTfUJ:Ok9TwnovjngCxj7uFL4qZuHLI4Tm

Entry address:
0x8617F

Entry point:
E8, 97, E2, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41...
Entropy:
6.5502

Code size:
667 KB (683,008 bytes)

Scheduled Task
Task name:
b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-4

Trigger:
Logon (Runs on logon)

Action:
b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-4.exe \flgmdfhh \hgwxvf='hdvid-codec v9.0' \hxvixm='C:\p


The file b9d4b9ed-4d4f-4f0e-82f9-23693a4538db-4.exe has been discovered within the following program.

HDvid-Codec V9.0 by CoolMirage Ltd.
HDVidCodec is an adware (advertising-supported) web browser application designed to display banner ads as well as contextual link ads (hyperlinks that the user will see underlined).
www.coolmirage.com
80% remove it