bde1229b-7c52-4197-9678-151e302da961-2.exe

video MediaPlay-Air

Robokid Technologies

This web extension is built on the Crossrider framework, loads in the web browser, and displays advertisements on web pages that are not affiliated with the extension or its company. The extension injects these unwanted advertisements into the browser as common ad types such as banners and text links. The application bde1229b-7c52-4197-9678-151e302da961-2.exe, “video MediaPlay-Air exe” by Robokid Technologies, has been detected as adware by 11 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program video MediaPlay-Air by Robokid Technologies, which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
enter  (signed by Robokid Technologies)

Product:
video MediaPlay-Air

Description:
video MediaPlay-Air exe

Version:
1000.1000.1000.1000

MD5:
0b44395588a23ae3c8c5c0cc2ea0474d

SHA-1:
00db54756c10b40edb601cb50331d2e0447862f3

SHA-256:
be208dfdb72717fbc9be576e600ee8175b6932111c35520495dbfd9e8511ebd9

Scanner detections:
11 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/18/2024 7:41:22 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.163.116 |
| AVG | Generic | 2015.0.3404 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14723 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AJ (variant) | 8.10138 |
| F-Prot | W32/A-eb9ef301 | v6.4.7.1.166 |
| IKARUS anti.virus | AdWare.Adload | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.MediaPlayer.A | v2014.07.23.02 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.23.02 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.14721 |
| Sophos | AppRider | 4.98 |
| VIPRE Antivirus | Crossrider | 31512 |

File size:
349.5 KB (357,912 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
video MediaPlay-Air.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\video mediaplay-air\bde1229b-7c52-4197-9678-151e302da961-2.exe

Digital Signature
Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:7zDr0j16MlevPUfql/UhzeMhELHpTBM7EHGko:7zDrszeX6qd0zebLHpTu7T

Entry point:
E8, 7E, 8F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, 36, 45, 00, E8, 09, 25, 00, 00, E8, 89, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E5, 57, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Scheduled Task
Task name:
bde1229b-7c52-4197-9678-151e302da961-2

Trigger:
Logon (Runs on logon)

Action:
bde1229b-7c52-4197-9678-151e302da961-2.exe \ywwvhacb \vmuhvtt='video mediaplay-air' \ppaxqaj=


The file bde1229b-7c52-4197-9678-151e302da961-2.exe has been discovered within the following program.

video MediaPlay-Air  by Robokid Technologies
video MediaPlay-Air (Freeven) is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.
crossrider.com/install/59599-video-mediaplayer
83% remove it
 
Powered by Should I Remove It?
