e653cf25-f107-4cbe-b8d1-5dadaea354f2-4.exe

CinemaP-1.9cV16.03

Cinema PlusV16.03

The application e653cf25-f107-4cbe-b8d1-5dadaea354f2-4.exe ("CinemaP-1.9cV16.03 exe") has been detected as adware by 40 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider.

Publisher:
Cinema PlusV16.03

Product:
CinemaP-1.9cV16.03

Description:
CinemaP-1.9cV16.03 exe

Version:
1000.1000.1000.1000

MD5:
1a2ae107af114673024cee5ba9d051f2

SHA-1:
5ebb80eac9e5bbb5cbe066e388033195d379b04d

SHA-256:
0e895f229f1fbc62dd573bbc9974e59878f1fa0872eb2e131615891a88e3befb

Scanner detections:
40 / 68

Status:
Adware

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 3:10:25 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.3 | 5651644 |
| Agnitum Outpost | Win32.Sality.BL | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2015.04.19 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:SaliCode | 150319-1 |
| AVG | Win32/Sality | 2014.0.4311 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15419 |
| Bitdefender | Win32.Sality.3 | 1.0.20.545 |
| Bkav FE | W32.Sality.PE | 1.3.0.6379 |
| Comodo Security | Virus.Win32.Sality.gen | 21818 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 9.0.0.4799 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.13.68 |
| G Data | Win32.Sality | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.20.19 |
| IKARUS anti.virus | Virus.Win32.Sality | t3scan.1.8.9.0 |
| K7 AntiVirus | Virus | 13.202.15641 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.543 |
| Malwarebytes | | v2015.04.19.06 |
| McAfee | Program.Artemis!1C7FF4BFACDD | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.195.3225.0 |
| MicroWorld eScan | Win32.Sality.3 | 16.0.0.327 |
| NANO AntiVirus | Virus.Win32.Sality.beygb | 0.30.16.1110 |
| Norman | Win32.Sality.3 | 03.12.2014 13:20:04 |
| nProtect | Virus/W32.Sality.D | 15.04.17.01 |
| Panda Antivirus | W32/Sality.AA | 15.04.19.06 |
| Quick Heal | W32.Sality.U | 4.15.14.00 |
| Reason Heuristics | Adware.Crossrider.CinemaPlusV1603 | 15.4.19.2 |
| Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.15417 |
| Sophos | Virus 'Mal/Sality-D' | 5.13 |
| Total Defense | Win32/Sality.AA | 37.0.11557 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.109 |
| Trend Micro | PE_SALITY.RL | 10.465.19 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.3 |
| VIPRE Antivirus | Threat.4721115 | 38882 |
| ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Sality.Win32.20 | 2.0.0.2143 |

File size:
1.4 MB (1,449,984 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaP-1.9cV16.03.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinemap-1.9cv16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-4.exe

File PE Metadata
Compilation timestamp:
3/16/2015 12:11:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:uAkCycCJ+y+AlbCOmrGbY6ihc2xeRAU0KFyjcwOsiIeGcGi72+gJpS7MLT4Z1vzb:uAk3J0AFG6ihcKJvKEgbKP/+gJpS7GTa

Entry address:
0xD29EB

Entry point:
BB, DA, 5D, F0, 02, F6, C0, 76, 84, D6, B4, 76, 81, D5, 22, D2, A0, BA, 47, 0F, AF, D8, 69, FB, E4, F1, 3F, 22, 88, D7, 83, E1, 00, 69, F2, 22, 4F, A7, 10, 0F, AF, DE, FF, CE, 0F, B6, C0, 8D, 1D, 75, 1E, 14, BB, FE, C3, 88, FA, 81, C1, FD, F0, FF, FF, 85, FB, C6, C0, 2C, 81, C1, 04, 0F, 00, 00, C7, C6, 99, 4D, B8, 55, 84, E2, 0F, AF, EB, 28, DC, 87, C0, 4A, F7, C0, E6, A9, 3D, B3, F2, 89, C6, 81, F9, 1E, 02, 00, 00, 0F, 86, B2, FF, FF, FF, 31, CB, 53, 84, D4, E8, 1B, 00, 00, 00, FE, CD, EB, 05, FF, CB, 80...
 

Entropy:
6.7869

Code size:
993.5 KB (1,017,344 bytes)

Scheduled Task
Task name:
e653cf25-f107-4cbe-b8d1-5dadaea354f2-4

Trigger:
Logon (Runs on logon)

