firefoxuninstaller59568.exe

HD-V1.8

Robokid Technologies

Using the Crossrider framework, this web extension loads in the web browser and displays advertisements on web pages that are not affiliated with the extension or its company. The extension injects these unwanted advertisements into the browser as common ad types such as banners and text links. The application firefoxuninstaller59568.exe by Robokid Technologies has been detected as adware by 25 anti-malware scanners. It is also typically executed from the user's temporary directory. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
InfoHD-V1.8  (signed by Robokid Technologies)

Product:
HD-V1.8

Description:
HD-V1.8 exe

Version:
1000.1000.1000.1000

MD5:
45c106837e8a73c5f4833e93c116b447

SHA-1:
c7c9a71919abf32966569f7db054e50a003df689

SHA-256:
bdf4a7a73efd7ae8396288e6a7ff9aeaa2a77a0da8eda79c6f34fab986af655e

Scanner detections:
25 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/24/2024 8:15:17 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.973022 | 918 |
| AhnLab V3 Security | PUP/Win32.MulDown | 2014.07.16 |
| Avira AntiVirus | Adware/CrossRider.A.17778 | 7.11.160.212 |
| AVG | Generic | 2015.0.3398 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14729 |
| Bitdefender | Adware.Generic.973022 | 1.0.20.1065 |
| Emsisoft Anti-Malware | Adware.Generic.973022 | 8.14.08.01.12 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AK potentially unwanted application | 8.7.0.302.0 |
| Fortinet FortiGate | Adware/Adload | 8/1/2014 |
| F-Secure | Adware.Generic.973022 | 11.2014-01-08_6 |
| G Data | Adware.Generic.973022 | 14.8.24 |
| IKARUS anti.virus | AdWare.Adload | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.180.12733 |
| Kaspersky | not-a-virus:AdWare.Win32.AdLoad | 14.0.0.3475 |
| Malwarebytes | PUP.Optional.HDPlus.A | v2014.07.29.09 |
| McAfee | RDN/Generic PUP.x!c2o | 5600.7052 |
| MicroWorld eScan | Adware.Generic.973022 | 15.0.0.639 |
| NANO AntiVirus | Riskware.Win32.AdLoad.dcccgv | 0.28.2.60881 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.07.29.09 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.RobokidTechnologies.X | 14.7.29.20 |
| Sophos | Generic PUA CI | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBB01G914 | 7.2.213 |
| VIPRE Antivirus | Threat.4789396 | 31088 |

File size:
879 KB (900,120 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HD-V1.8.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\firefoxuninstaller59568.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/23/2014 3:00:00 AM

Valid to:
6/24/2015 2:59:59 AM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
7/8/2014 1:03:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:+0mwmpjJ5qPXUWTi3nZ0owFO2Zxggj/ajLOVfU0t24d051KCO3Qdw7pTdvy:PmpFg3uJ0vFO2ZxgwL24d0Je1TZy

Entry address:
0x903EF

Entry point:
E8, 7D, E3, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41...
 

Entropy:
6.5544

Code size:
727.5 KB (744,960 bytes)
