» c7d50b1d-2690-4014-92c0-4801c6396a16-6.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (1)

c7d50b1d-2690-4014-92c0-4801c6396a16-6.exe

Vegeta Pop

The application c7d50b1d-2690-4014-92c0-4801c6396a16-6.exe by Vegeta Pop has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program HD+v2.1 by Vegeta Pop which is a potentially unwanted software program. While running, it connects to the Internet address hwcdn.net on port 80 using the HTTP protocol.

File name:

Publisher:

HD+v2.1 (signed by Vegeta Pop)

Product:

HD+v2.1

Description:

HD+v2.1 exe

Version:

1000.1000.1000.1000

MD5:

3356d097052de8c757d575eed529a845

SHA-1:

e61e744786be45691f5297318cae0dcbf1c81fd1

SHA-256:

5a964609466e81f7a3ffa09f1fa30899139b8026149921fa0a84039537f9080b

Scanner detections:

21 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/27/2024 2:44:31 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Adware.Plush.1

872

avast!

Win32:Malware-gen

140813-1

AVG

Vegetapop

2015.0.3371

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.14915

Bitdefender

Gen:Adware.Plush.1

1.0.20.1290

Emsisoft Anti-Malware

Gen:Adware.Plush

8.14.09.15.01

ESET NOD32

Win32/Toolbar.CrossRider.AE potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/CrossRider

9/15/2014

F-Prot

W32/A-04c00d5a

v6.4.7.1.166

F-Secure

Gen:Adware.Plush.1

11.2014-15-09_2

G Data

Gen:Adware.Plush

14.9.24

IKARUS anti.virus

PUA.PlusHD

t3scan.1.7.5.0

Kaspersky

not-a-virus:WebToolbar.Win32.CroRi

15.0.0.494

Malwarebytes

PUP.Optional.HDPlus.A

v2014.09.15.01

McAfee

Artemis!7E8B1046D09A

5600.7006

MicroWorld eScan

Gen:Adware.Plush.1

15.0.0.774

Panda Antivirus

Trj/Genetic.gen

14.08.25.08

Qihoo 360 Security

Win32/Virus.WebToolbar.d9e

1.0.0.1015

Reason Heuristics

PUP.VegetaPop.g

14.8.22.18

Sophos

AppRider

4.98

VIPRE Antivirus

Threat.4789396

32210

File size:

631.3 KB (646,472 bytes)

Product version:

1000.1000.1000.1000

Original file name:

HD+v2.1.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\hd+v2.1\c7d50b1d-2690-4014-92c0-4801c6396a16-6.exe

Digital Signature

Signed by:

Vegeta Pop

Authority:

COMODO CA Limited

Valid from:

7/16/2014 2:00:00 AM

Valid to:

7/17/2015 1:59:59 AM

Subject:

CN=Vegeta Pop, O=Vegeta Pop, STREET=Athinodorou 3, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

3E0BEA30569A284917F6F65BF0F056A6

File PE Metadata

Compilation timestamp:

8/6/2014 12:06:22 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:HG+xsR5dD98bXYMInKAJUnprVkeMsEcECVfrnoHu5pT8gih7:mJ5dpiXQ+VdJbuu7Tbih7

Entry address:

0x4A2CC

Entry point:

E8, 04, E0, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 20, 3A, 48, 00, E8, DE, 4E, 00, 00, E8, 9A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, 97, DF, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 9A, 67, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

451 KB (461,824 bytes)

Scheduled Task

Task name:

c7d50b1d-2690-4014-92c0-4801c6396a16-6

Trigger:

Logon (Runs on logon)

Action:

c7d50b1d-2690-4014-92c0-4801c6396a16-6.exe \jmpsi='hd+v2.1' \oqskpg=62846 \qjydi='001972' \pa

The file c7d50b1d-2690-4014-92c0-4801c6396a16-6.exe has been discovered within the following program.

HD+v2.1 by Vegeta Pop

HD+ is an adware Internet toolbar/extension that will deliver ads to the browser on web pages that are not affiliated with the ads or the extension.

83% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to hwcdn.net (69.16.175.42:80)

Remove c7d50b1d-2690-4014-92c0-4801c6396a16-6.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.