f073f6e4-6447-49e8-946a-82fd4afdcda4-11.exe

ClickMovie1-Downloaderv10

Sailor Project

This potentially unwanted browser extension is built and distributed using the free Crossrider platform and delivers advertisements to the web browser in various formats, such as banners, text hyperlinks, inline text and transitional ads. The application f073f6e4-6447-49e8-946a-82fd4afdcda4-11.exe, “ClickMovie1-Downloaderv10 exe” by Sailor Project, has been detected as adware by 22 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. Although the file uses the Crossrider cross-browser extension toolkit and its delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
end  (signed by Sailor Project)

Product:
ClickMovie1-Downloaderv10

Description:
ClickMovie1-Downloaderv10 exe

Version:
1000.1000.1000.1000

MD5:
34f1e7612b474c8ef91ddca56a3bb2f7

SHA-1:
f9b7c4b9006089bae911f864348462fa7b130f25

SHA-256:
c018564b81242c819b437597d37b794ce69dbc1408638f09fa0a5c01625e5ac0

Scanner detections:
22 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/24/2024 9:10:14 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Kazy.374062 | 906 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2014.08.19 |
| AVG | Skodna | 2015.0.3384 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.14813 |
| Bitdefender | Gen:Variant.Adware.Kazy.374062 | 1.0.20.1125 |
| Dr.Web | Trojan.Crossrider.27972 | 9.0.1.0225 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Kazy.374062 | 8.14.08.13.10 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AK (variant) | 8.10277 |
| F-Secure | Gen:Variant.Adware.Kazy.374062 | 11.2014-13-08_4 |
| G Data | Win32.Application.Shopperpro | 14.8.24 |
| IKARUS anti.virus | AdWare.Adload | t3scan.1.7.5.0 |
| Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3413 |
| Malwarebytes | PUP.Optional.ObjectBrowser.A | v2014.08.13.10 |
| McAfee | Artemis!726C43B3B130 | 5600.7038 |
| MicroWorld eScan | Gen:Variant.Adware.Kazy.374062 | 15.0.0.675 |
| NANO AntiVirus | Trojan.Win32.Crossrider.ddthyp | 0.28.2.61721 |
| Panda Antivirus | Adware/Goobzo | 14.08.13.10 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.SailorProject.h | 14.8.13.10 |
| Sophos | Goobzo | 4.98 |
| VIPRE Antivirus | Crossrider | 32344 |

File size:
1.8 MB (1,888,104 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
ClickMovie1-Downloaderv10.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\clickmovie1-downloaderv10\f073f6e4-6447-49e8-946a-82fd4afdcda4-11.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/17/2014 7:00:00 PM

Valid to:
7/18/2015 6:59:59 PM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
8/10/2014 5:05:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:Bi01O0RelxlS65hiL+438fWpS2yT07Uzn+nPRx1:Bi0JRelxl/wL+DQF

Entry address:
0xE1774

Entry point:
E8, 44, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 77, 01, 01, 00, 3B, 30, 7C, 07, E8, 6E, 01, 01, 00, 8B, 30, E8, 61, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 60, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 40, F3, 53, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7A, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 40, F3, 53, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, DB, ED...

Entropy:
6.8575

Code size:
1 MB (1,067,520 bytes)

Scheduled Task
Task name:
f073f6e4-6447-49e8-946a-82fd4afdcda4-11

Trigger:
Logon (Runs on logon)

Action:
f073f6e4-6447-49e8-946a-82fd4afdcda4-11.exe \mshhokbvr=uhh07549luukf8bvcqhyqipkm3dmkrl0emhfb8g

