e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-7.exe

CinemaP-1.9cV16.03

Cinema PlusV16.03

The application e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-7.exe, “CinemaP-1.9cV16.03 exe”, has been detected as adware by 38 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Cinema PlusV16.03

Product:
CinemaP-1.9cV16.03

Description:
CinemaP-1.9cV16.03 exe

Version:
1000.1000.1000.1000

MD5:
a7ee7d7c9dddc6316f211933f42104f1

SHA-1:
2bd575c3ef8ea8d2cd7ea6c4a0588db65105d913

SHA-256:
c388bc8b9be42f8dd0675f152f095f7be149f1fcf121ad86accbb24afe06d466

Scanner detections:
38 / 68

Status:
Adware

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/23/2024 11:27:18 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Win32.Sality.3 | 5648785 |
| Agnitum Outpost | Win32.Sality.BL | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2015.04.19 |
| Avira AntiVirus | W32/Sality.AT | 3.6.1.96 |
| avast! | Win32:SaliCode | 150319-1 |
| AVG | Win32/Sality | 2014.0.4311 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15419 |
| Bitdefender | Win32.Sality.3 | 1.0.20.545 |
| Bkav FE | W32.Sality.PE | 1.3.0.6379 |
| Comodo Security | Virus.Win32.Sality.gen | 21818 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 9.0.0.4799 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.13.68 |
| G Data | Win32.Sality | 15.4.25 |
| IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.8.9.0 |
| K7 AntiVirus | Virus | 13.202.15641 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.543 |
| Malwarebytes | | v2015.04.19.06 |
| McAfee | Trojan.Artemis!1B3B0B7E6E8E | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.195.3225.0 |
| MicroWorld eScan | Win32.Sality.3 | 16.0.0.327 |
| NANO AntiVirus | Virus.Win32.Sality.beygb | 0.30.16.1110 |
| Norman | Win32.Sality.3 | 03.12.2014 13:20:04 |
| nProtect | Virus/W32.Sality.D | 15.04.17.01 |
| Panda Antivirus | W32/Sality.AA | 15.04.19.06 |
| Quick Heal | W32.Sality.U | 4.15.14.00 |
| Reason Heuristics | Adware.Crossrider.CinemaPlusV1603 | 15.4.19.2 |
| Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.15417 |
| Sophos | Virus 'Mal/Sality-D' | 5.13 |
| Total Defense | Win32/Sality.AA | 37.0.11557 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.109 |
| Trend Micro | PE_SALITY.RL | 10.465.19 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.3 |
| VIPRE Antivirus | Threat.4721115 | 38882 |
| ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Sality.Win32.20 | 2.0.0.2143 |

File size:
1.1 MB (1,197,056 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaP-1.9cV16.03.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinemap-1.9cv16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-7.exe

File PE Metadata
Compilation timestamp:
3/16/2015 12:12:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:TbLXYoVdX9yx/o8ZV/PMKjEYXOJ/UWOeTpSWITcAsHa:TbbthwDZJMjieTpSWITchHa

Entry address:
0xA10C2

Entry point:
EB, 09, 33, FE, 45, 8D, 1D, 65, 9A, 58, 6C, 69, FF, C0, AD, 39, 31, 8B, D7, 89, EF, F2, 85, EB, 39, CB, 87, F0, 0F, AF, C3, 0F, BE, F4, 80, C0, 0F, 68, 93, 06, 00, 00, F6, C0, E1, 4D, 59, 25, EF, 62, 5C, 14, 81, C1, C3, 04, 00, 00, 30, C8, 80, FB, 5F, 8D, 2D, 03, 72, B8, 16, BF, D1, 15, 62, D7, 46, 89, CA, 84, F9, 81, E9, F7, 07, 07, 00, 81, FB, 94, B5, CE, 4F, 89, DD, 2B, EE, 81, C1, F6, 07, 07, 00, C6, C0, 3C, C6, C3, 7B, 8B, D2, 0A, F0, 0C, 73, 81, F9, B7, 02, 00, 00, 0F, 83, BD, FF, FF, FF, 43, 52, 68...
 
Entropy:
6.6938

Code size:
815 KB (834,560 bytes)

Scheduled Task
Task name:
e653cf25-f107-4cbe-b8d1-5dadaea354f2-1-7

Trigger:
Logon (Runs on logon)

