home

ca9f61e7-52b6-468d-8e67-8d2712eae4a9-2.exe

HD-V1.9

Motoko Group

This adware utilizes the Crossrider extension platform and will inject advertisiments in the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The application ca9f61e7-52b6-468d-8e67-8d2712eae4a9-2.exe by Motoko Group has been detected as adware by 20 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
InfoHD-V1.8  (signed by Motoko Group)

Product:
HD-V1.9

Description:
HD-V1.9 exe

Version:
1000.1000.1000.1000

MD5:
615711f94805287770a0ed823164d77b

SHA-1:
c680a78490feec0aad1078584fe9773f85d07e12

SHA-256:
24e1a5ddd08c704f93189ef724f55c963ef8bf99a19cfedee4b7875b2902fe43

Scanner detections:
20 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
4/26/2024 3:01:21 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.OGC
920

Avira AntiVirus
ADWARE/CrossRider.Gen2
7.11.164.128

AVG
Generic
2015.0.3398

Bitdefender
Adware.Agent.OGC
1.0.20.1050

Emsisoft Anti-Malware
Adware.Agent.OGC
8.14.07.29.07

ESET NOD32
Win32/Toolbar.CrossRider.AJ (variant)
8.10173

F-Prot
W32/A-eb9ef301
v6.4.7.1.166

F-Secure
Adware.Agent.OGC
11.2014-29-07_3

G Data
Adware.Agent.OGC
14.7.24

IKARUS anti.virus
not-a-virus:WebToolbar.CrossRider
t3scan.1.6.1.0

Kaspersky
Trojan.NSIS.GoogUpdate
14.0.0.3486

Malwarebytes
PUP.Optional.InfoHD.A
v2014.07.29.07

MicroWorld eScan
Adware.Agent.OGC
15.0.0.630

nProtect
Adware.Agent.OGC
14.07.29.01

Panda Antivirus
Trj/Genetic.gen
14.07.29.07

Qihoo 360 Security
HEUR/Malware.QVM10.Gen
1.0.0.1015

Reason Heuristics
PUP.Task.MotokoGroup.g
14.7.27.13

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.14727

Sophos
AppRider
4.98

VIPRE Antivirus
Threat.4789396
31208

File size:
351.9 KB (360,296 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HD-V1.9.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hd-v1.9\ca9f61e7-52b6-468d-8e67-8d2712eae4a9-2.exe

Digital Signature
Signed by:
Motoko Group

Authority:
COMODO CA Limited

Valid from:
7/18/2014 3:00:00 AM

Valid to:
7/19/2015 2:59:59 AM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
7/22/2014 1:06:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:OzDr0j16MlevPUfql/UhzeMhELwpTBM7EHGV:OzDrszeX6qd0zebLwpTu75

Entry address:
0x2C9C1

Entry point:
E8, 7E, 8F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, 36, 45, 00, E8, 09, 25, 00, 00, E8, 89, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E5, 57, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
262.5 KB (268,800 bytes)

Scheduled Task
Task name:
ca9f61e7-52b6-468d-8e67-8d2712eae4a9-2

Trigger:
Logon (Runs on logon)

Action:
ca9f61e7-52b6-468d-8e67-8d2712eae4a9-2.exe \ywwvhacb \vmuhvtt='hd-v1.9' \ppaxqaj=60548 \lbdgi


Remove ca9f61e7-52b6-468d-8e67-8d2712eae4a9-2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.