» e653cf25-f107-4cbe-b8d1-5dadaea354f2-64.exe
Overview
Analysis
File Details
Network (6)

e653cf25-f107-4cbe-b8d1-5dadaea354f2-64.exe

CinemaP-1.9cV16.03

Cinema PlusV16.03

The application e653cf25-f107-4cbe-b8d1-5dadaea354f2-64.exe, “CinemaP-1.9cV16.03 exe” has been detected as adware by 11 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. While running, it connects to the Internet address ip-50-63-202-55.ip.secureserver.net on port 80 using the HTTP protocol.

File name:

Publisher:

Cinema PlusV16.03

Product:

CinemaP-1.9cV16.03

Description:

CinemaP-1.9cV16.03 exe

Version:

1000.1000.1000.1000

MD5:

a7abc4640ad93d909b20347eb1f57d02

SHA-1:

be34a51b07f9c42b16e6b39d72fd9c3da03f8029

SHA-256:

3e3fafb6ddab65cf44ac5809c0ba6d7b13ca8cf34d8b3a5d341d94e97b8ddbc0

Scanner detections:

11 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/26/2024 7:49:42 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Toolbar.Crossrider

7.1.1

Avira AntiVirus

ADWARE/CrossRider.Gen7

7.11.218.126

avast!

Win64:Adware-gen [Adw]

2014.9-150410

Baidu Antivirus

Adware.Win64.CrossAd

4.0.3.15319

Comodo Security

ApplicUnwnt

21681

ESET NOD32

Win64/Toolbar.Crossrider.N potentially unwanted application

9.7.0.302.0

herdProtect (fuzzy)

variant of 44d7fd6d-dc93-416e-9bcc-b5dc29cd6346-64.exe (Adware)

2015.6.25.10

Malwarebytes

PUP.Optional.SmartSaver.A

v2015.03.19.02

Qihoo 360 Security

Win32/Virus.Adware.a87

1.0.0.1015

Reason Heuristics

Adware.Crossrider.CinemaPlusV1603

15.3.19.14

VIPRE Antivirus

Threat.4789396

38050

File size:

1.7 MB (1,829,376 bytes)

Product version:

1000.1000.1000.1000

Original file name:

CinemaP-1.9cV16.03.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\cinemap-1.9cv16.03\e653cf25-f107-4cbe-b8d1-5dadaea354f2-64.exe

File PE Metadata

Compilation timestamp:

3/15/2015 4:11:08 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:VtrPiZ0PLaXEWp9jMoW4+R7VJiFIjux86RQnTGmMtbmPf8+:icLaXVp9j1W4CbtC86ynTGmamPL

Entry address:

0xC0FA8

Entry point:

48, 83, EC, 28, E8, 3F, F9, 00, 00, 48, 83, C4, 28, E9, 02, 00, 00, 00, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 57, 48, 83, EC, 30, E8, B4, 5C, 00, 00, 0F, B7, F0, B9, 02, 00, 00, 00, E8, CB, F8, 00, 00, B8, 4D, 5A, 00, 00, 48, 8D, 3D, 17, F0, F3, FF, 66, 39, 05, 10, F0, F3, FF, 74, 04, 33, DB, EB, 31, 48, 63, 05, 3F, F0, F3, FF, 48, 03, C7, 81, 38, 50, 45, 00, 00, 75, EA, B9, 0B, 02, 00, 00, 66, 39, 48, 18, 75, DF, 33, DB, 83, B8, 84, 00, 00, 00, 0E, 76, 09, 39, 98, F8, 00, 00, 00, 0F, 95, C3, 89... 
[+]

Entropy:

6.2778

Code size:

1 MB (1,077,760 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ip-50-63-202-55.ip.secureserver.net (50.63.202.55:80)

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (52.216.64.122:80)

Remove e653cf25-f107-4cbe-b8d1-5dadaea354f2-64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.