e653cf25-f107-4cbe-b8d1-5dadaea354f2-3.exe

CinemaP-1.9cV16.03

Cinema PlusV16.03

The application e653cf25-f107-4cbe-b8d1-5dadaea354f2-3.exe (“CinemaP-1.9cV16.03 exe”) has been detected as adware by 37 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
Cinema PlusV16.03

Product:
CinemaP-1.9cV16.03

Description:
CinemaP-1.9cV16.03 exe

Version:
1000.1000.1000.1000

MD5:
efc857074056574d062e8f3454cd4a20

SHA-1:
8fd07c74f87bfd7dfd88f548f6dcab22f11b6312

SHA-256:
28782976867e1bda7cf865ed7e4609d9ac30931d7bd40a296c17381789c8edd9

Scanner detections:
37 / 68

Status:
Adware

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 7:32:19 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Virtob.Gen.12 | 657 |
| Agnitum Outpost | Win32.Sality.BL | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2015.04.19 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:Vitro | 2014.9-150419 |
| AVG | Win32/Sality | 2014.0.4311 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15419 |
| Bitdefender | Win32.Sality.3 | 1.0.20.545 |
| Bkav FE | W32.Vetor.PE | 1.3.0.6379 |
| Comodo Security | Virus.Win32.Sality.gen | 21818 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 8.15.04.19.06 |
| ESET NOD32 | Win32/Virut.NBP virus | 9.7.0.302.0 |
| F-Prot | W32/Virut.AI!Generic | v6.4.6.5.141 |
| F-Secure | Win32.Virtob.Gen.12 | 11.2015-19-04_1 |
| G Data | Win32.Sality | 15.4.25 |
| IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.8.9.0 |
| K7 AntiVirus | Virus | 13.202.15641 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.543 |
| Malwarebytes | | v2015.04.19.07 |
| McAfee | Program.Artemis!877759FE37E2 | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.199.89.0 |
| MicroWorld eScan | Win32.Virtob.Gen.12 | 16.0.0.327 |
| NANO AntiVirus | Virus.Win32.Sality.beygb | 0.30.16.1110 |
| Norman | Win32.Virtob.Gen.12 | 11.20150419 |
| nProtect | Virus/W32.Sality.D | 15.04.17.01 |
| Panda Antivirus | W32/Sality.AA | 15.04.19.07 |
| Quick Heal | W32.Sality.U | 4.15.14.00 |
| Reason Heuristics | Adware.Crossrider.CinemaPlusV1603 | 15.4.19.2 |
| Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.15417 |
| Sophos | Virus 'Mal/Sality-D' | 5.13 |
| Total Defense | Win32/Sality.AA | 37.0.11557 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.109 |
| Trend Micro | PE_SALITY.RL | 10.465.19 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.3 |
| VIPRE Antivirus | Threat.4739697 | 39486 |
| ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0 |

File size:
2 MB (2,104,832 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaP-1.9cV16.03.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinemap-1.9cv16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-3.exe

File PE Metadata
Compilation timestamp:
3/16/2015 12:12:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:CGeJ9dt1PBkRp/TDWzpK+wpSprT+Z1V1DzF:EdPBiezpJW

Entry address:
0xF9E41

Entry point:
87, EB, 8B, C3, B4, 4B, 87, DD, 0F, B7, ED, 88, CD, 0F, B7, EB, 4F, BA, 46, 76, 86, 2A, 31, C7, 78, 05, 88, CE, 45, 87, FE, 8D, 1D, CA, 24, 00, 00, 81, EA, 50, 58, 16, A0, 81, C3, 2C, 55, 00, 00, 78, 0B, 0F, B7, C6, F7, C6, 15, 00, 83, DA, 88, D2, F3, 6B, C9, 00, 8D, 1D, 5E, D7, 6C, 16, FE, CE, 8A, D4, 8D, 3D, E9, 65, A8, 8C, B4, D6, 85, F8, 70, 01, 45, 87, D5, 8D, 1D, BB, 89, F7, FF, F7, C3, FB, 1A, BB, 44, 0F, AF, C2, C7, C6, 3A, 04, EB, 11, 81, C3, DE, 70, 08, 00, 8D, 2D, AD, B9, 6C, 0A, 03, CB, 72, 02...
 

Entropy:
6.9339

Code size:
1.2 MB (1,212,416 bytes)

Scheduled Task
Task name:
e653cf25-f107-4cbe-b8d1-5dadaea354f2-3

Trigger:
Logon (Runs on logon)

