» {d99a9dab-233d-0b54-aafc-9ec007cac515}-oz50v.exe
Overview
Analysis
File Details

{d99a9dab-233d-0b54-aafc-9ec007cac515}-oz50v.exe

The application {d99a9dab-233d-0b54-aafc-9ec007cac515}-oz50v.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

MD5:

763432f098eaf829644d2ce3d158d610

SHA-1:

433376281ff8c399abca295a0dbd1b5430fddddb

SHA-256:

872575dcef70440a8fea181ccd408326eb6adf99c6473195b4ef2fc534fc1b37

Scanner detections:

14 / 68

Status:

Potentially unwanted

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/19/2024 9:37:31 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.NTQ

799

Avira AntiVirus

ADWARE/Adware.Gen7

7.11.189.82

AVG

Adware Generic5.AMCK

2014.0.4189

Bitdefender

Adware.Agent.NTQ

1.0.20.1660

Dr.Web

Trojan.Crossrider.31

9.0.1.05190

Emsisoft Anti-Malware

Adware.Agent.NTQ

9.0.0.4570

F-Prot

W32/A-7d73c46e

v6.4.7.1.166

F-Secure

Adware.Agent.NTQ

11.2014-28-11_6

G Data

Adware.Agent.NTQ

14.11.24

Kaspersky

not-a-virus:WebToolbar.Win32.Cossder

15.0.0.543

McAfee

PUP-FFS

5600.6933

MicroWorld eScan

Adware.Agent.NTQ

15.0.0.996

NANO AntiVirus

Riskware.Win32.Agent.cqzruf

0.28.6.63726

nProtect

Adware.Agent.NTQ

14.11.27.01

File size:

632.1 KB (647,240 bytes)

File type:

Executable application (Win64 EXE)

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

12288:c0gP1iobn+0gxWI57Yez5x56lugPrWe4swZQNPtrkhIMvLtOWI:c0gP1ioCWZe9x56lugFCQNPWvL9I

Entry point:

B2, A5, 6F, FF, FC, FF, FF, FF, FB, FF, FF, FF, 00, 00, FF, FF, 47, FF, FF, FF, FF, FF, FF, FF, BF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, FF, 0F, FF, FF, FF, F1, E0, 45, F1, FF, 4B, F6, 32, DE, 47, FE, B3, 32, DE, AB, 97, 96, 8C, DF, 8F, 8D, 90, 98, 8D, 9E, 92, DF, 9C, 9E, 91, 91, 90, 8B, DF, 9D, 9A, DF, 8D, 8A, 91, DF, 96, 91, DF, BB, B0, AC, DF, 92, 90, 9B, 9A, D1, F2, F2, F5, DB, FF, FF, FF, FF, FF, FF, FF... 
[+]

Entropy:

7.8255 (probably packed)

Remove {d99a9dab-233d-0b54-aafc-9ec007cac515}-oz50v.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.