d482b050-aa11-4fed-8bb2-ab985fc36e11-2.exe

Torntv V9.0

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application d482b050-aa11-4fed-8bb2-ab985fc36e11-2.exe by CoolMirage has been detected as adware by 22 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program Torntv V9.0 by InstallDaddy Services Ltd., which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
installdaddy  (signed by CoolMirage Ltd.)

Product:
Torntv V9.0

Description:
Torntv V9.0 exe

Version:
1000.1000.1000.1000

MD5:
37c22f648008a43d91922a022e9af9af

SHA-1:
4cf4ec0e5bcfed476f1a4551d99deebeecfb54c3

SHA-256:
1653229506388a8fe5d11895c3e14823405a6dbb2899ec4a3d77184ac7911080

Scanner detections:
22 / 68

Status:
Adware

Explanation:
InstallDaddy bundles adware such as toolbars and unwanted browser extensions.

Analysis date:
4/28/2024 8:17:55 PM UTC

Scan engine             Detection                                                     Engine version

Agnitum Outpost         PUA.Toolbar.CrossRider                                        7.1.1
AhnLab V3 Security      Win-PUP/CrossRider                                            2014.12.15
Avira AntiVirus         Adware/CrossRider.A.11872                                     7.11.156.30
avast!                  Win32:Crossrider-AC [PUP]                                     2014.9-150408
AVG                     Skodna                                                        2016.0.3146
Baidu Antivirus         Adware.Win32.AdLoad                                           4.0.3.14622
Comodo Security         ApplicUnwnt                                                   20370
ESET NOD32              Win32/Toolbar.CrossRider.AJ potentially unwanted application  7.0.302.0
Fortinet FortiGate      Riskware/Toolbar_CrossRider                                   4/8/2015
F-Prot                  W32/S-a64d6097                                                v6.4.7.1.166
K7 AntiVirus            Unwanted-Program                                              13.187.14332
Kaspersky               not-a-virus:AdWare.Win32.AdLoad                               15.0.0.463
Malwarebytes            PUP.Optional.iWebar.A                                         v2015.04.08.01
McAfee                  Artemis!37C22F648008                                          5600.7092
NANO AntiVirus          Riskware.Win32.AdLoad.dblixp                                  0.28.6.63850
Panda Antivirus         PUP/MultiToolbar.A                                            14.06.22.08
Reason Heuristics       PUP.Task.CoolMirage.g                                         14.8.7.17
Rising Antivirus        PE:Malware.Obscure!1.9C59                                     23.00.65.14620
Sophos                  AppRider                                                      4.98
Trend Micro House Call  TROJ_GEN.R08NH07FM14                                          7.2.173
VIPRE Antivirus         Threat.4789396                                                29708
Zillya! Antivirus       Adware.CrossRider.Win32.256                                   2.0.0.2006

File size:
359.9 KB (368,512 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Torntv V9.0.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\torntv v9.0\d482b050-aa11-4fed-8bb2-ab985fc36e11-2.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/5/2013 5:00:00 PM

Valid to:
6/6/2014 4:59:59 PM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
6/21/2014 3:03:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:PJlFWIW8QMnL60XLiZB/7D/gipxCSyz+mpTBDkHjJF:PJlFrxQKLvW//7MipwSyz+mpTmD

Entry address:
0x2D1C1

Entry point:
E8, B1, 8F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 08, 5A, 45, 00, E8, 09, 25, 00, 00, E8, 89, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 44, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, B7, 62, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
270 KB (276,480 bytes)

Scheduled Task
Task name:
d482b050-aa11-4fed-8bb2-ab985fc36e11-2

Trigger:
Logon (Runs on logon)

Action:
d482b050-aa11-4fed-8bb2-ab985fc36e11-2.exe \iboqz \hjjvxzzd='torntv v9.0' \dzobuthp=51390 \jw


The file d482b050-aa11-4fed-8bb2-ab985fc36e11-2.exe has been discovered within the following program.

Torntv V9.0  by InstallDaddy Services Ltd.
This is a potentially unwanted program (PUP) that bundles various additional offers during setup, typically ad-supported (adware) in functionality.
88% remove it
 
Powered by Should I Remove It?