bde1229b-7c52-4197-9678-151e302da961-11.exe

video MediaPlay-Air

Robokid Technologies

Using the Crossrider framework, this web extension is loaded into the web browser and displays advertisements on web pages that are not affiliated with the extension or its company. The extension injects these unwanted advertisements into the browser as common ad types such as banners and text links. The application bde1229b-7c52-4197-9678-151e302da961-11.exe, “video MediaPlay-Air exe” by Robokid Technologies, has been detected as adware by 23 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program video MediaPlay-Air by Robokid Technologies, which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
enter  (signed by Robokid Technologies)

Product:
video MediaPlay-Air

Description:
video MediaPlay-Air exe

Version:
1000.1000.1000.1000

MD5:
fd04723eeafac03d92113791fcc20a0c

SHA-1:
6b6f71ea517d4df1e7a4e80c8bfa38c7ea8f1abd

SHA-256:
09dd1151a856c08947aadcfa76f84fd9e78c7928543d23fd3689d1a391562e23

Scanner detections:
23 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/24/2024 5:10:46 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.OGC | 861 |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.163.116 |
| AVG | Generic | 2015.0.3404 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14723 |
| Bitdefender | Adware.Agent.OGC | 1.0.20.1345 |
| Comodo Security | ApplicUnwnt | 19062 |
| Dr.Web | Trojan.Crossrider.17413 | 9.0.1.0269 |
| Emsisoft Anti-Malware | Adware.Agent.OGC | 8.14.09.26.03 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AK (variant) | 8.10138 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 9/26/2014 |
| F-Secure | Adware.Agent.OGC | 11.2014-26-09_6 |
| G Data | Adware.Agent.OGC | 14.9.24 |
| IKARUS anti.virus | AdWare.Adload | t3scan.1.6.1.0 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3192 |
| Malwarebytes | PUP.Optional.MediaPlayer.A | v2014.07.23.02 |
| McAfee | Artemis!C02C5FD463D3 | 5600.6995 |
| MicroWorld eScan | Adware.Agent.OGC | 15.0.0.807 |
| nProtect | Adware.Agent.OGC | 14.07.29.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.23.02 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.26.15 |
| Sophos | Generic PUA KA | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0723 | 7.2.269 |
| VIPRE Antivirus | Crossrider | 31512 |

File size:
1.8 MB (1,893,400 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
video MediaPlay-Air.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\video mediaplay-air\bde1229b-7c52-4197-9678-151e302da961-11.exe

Digital Signature
Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:FlbHID7dS93DJyA23tUy3Y2pS/1TVyUzn+nPRx4:F1He89dV29E3

Entry point:
E8, 3C, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 6F, 01, 01, 00, 3B, 30, 7C, 07, E8, 66, 01, 01, 00, 8B, 30, E8, 59, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 60, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 80, 12, 54, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7A, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 80, 12, 54, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, D3, ED...
 

Scheduled Task
Task name:
bde1229b-7c52-4197-9678-151e302da961-11

Trigger:
Logon (Runs on logon)

Action:
bde1229b-7c52-4197-9678-151e302da961-11.exe \uyuvonoda=mbzu8qlqz+cqvjut6imzowugs2v4go14sqqwzpu


The file bde1229b-7c52-4197-9678-151e302da961-11.exe has been discovered within the following program.

video MediaPlay-Air  by Robokid Technologies
video MediaPlay-Air (Freeven) is an advertising-supported (adware) extension that runs in the context of the user's web browser as well as a background process.
crossrider.com/install/59599-video-mediaplayer
83% remove it
 