cinema-dplus3-bg.exe

Cinema-DPlus3

Motoko Group

This adware utilizes the Crossrider extension platform and will inject advertisements into the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The application cinema-dplus3-bg.exe, “Cinema-DPlus3 exe” by Motoko Group, has been detected as adware by 10 anti-malware scanners. This file is typically installed with the program Cinema-DPlus3 by Motoko Group, which is a potentially unwanted software program. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the installed extensions in the user's browser, including installation, updates and remote code downloads. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
CinemaD3  (signed by Motoko Group)

Product:
Cinema-DPlus3

Description:
Cinema-DPlus3 exe

Version:
1000.1000.1000.1000

MD5:
f409305ac08a0f055a7e2e8dc35d6fa1

SHA-1:
063f3a7606980f91228ba146fd9e1bd755a0f970

SHA-256:
a8a88b494ff9d6c894c6576018ea21aa850226ad651eb3343d971340f9c9b212

Scanner detections:
10 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Motoko Group.

Analysis date:
4/25/2024 5:02:02 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.163.176 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AL (variant) | 8.10144 |
| F-Prot | W32/A-eb9ef301 | v6.4.7.1.166 |
| IKARUS anti.virus | AdWare.Adload | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.CinemaHD.A | v2014.07.23.11 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.23.11 |
| Reason Heuristics | PUP.Crossrider.MotokoGroup.Q | 14.7.27.13 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.14721 |
| Sophos | AppRider | 4.98 |
| VIPRE Antivirus | Crossrider | 31536 |
File size:
582.9 KB (596,840 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Cinema-DPlus3.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinema-dplus3\cinema-dplus3-bg.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 8:00:00 PM

Valid to:
7/18/2015 7:59:59 PM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
7/22/2014 6:07:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:hhPF8iTS14CItobl+nhhhNy4iXBRdJBkiT1P:hhPmic7bouPXPTR

Entry address:
0x4E108

Entry point:
E8, 5F, CC, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E8, AD, 48, 00, E8, 52, 49, 00, 00, E8, C6, 1C, 00, 00, 0F, B7, F0, 6A, 02, E8, F2, CB, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 70, 51, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.4551

Code size:
458 KB (468,992 bytes)

The file cinema-dplus3-bg.exe has been discovered within the following program.

Cinema-DPlus3  by Motoko Group
Cinema-DPlus is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
80% remove it