harry potter and the order of the phoenix soundtrack - 02 professor umbridge

The file harry potter and the order of the phoenix soundtrack - 02 professor umbridge has been detected as a potentially unwanted program by 26 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from unitial.net and multiple other hosts.
MD5:
cdc2c1d4bfdbf962584d1290dd13a7d4

SHA-1:
142a5834c83c644b3ce69ac0c974d934a86ace5f

SHA-256:
76f2ffd0d3defca1fcb18355f7cf9e34d249eabea96f8a5eebfab1ef7630baf4

Scanner detections:
26 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
5/18/2024 10:45:47 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mplug.28 | 5533056 |
| Agnitum Outpost | PUA.MultiPlug | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.MultiPlug | 2015.05.22 |
| Avira AntiVirus | ADWARE/MultiPlug.Gen7 | 8.3.1.6 |
| avast! | Win32:Adware-gen [Adw] | 150521-0 |
| AVG | Adware Generic6.KZK | 2014.0.4311 |
| Bitdefender | Gen:Variant.Adware.Mplug.28 | 1.0.20.705 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | Application.Win32.AdWare.MultiPlug.VA | 22203 |
| Dr.Web | Trojan.Crossrider.36840 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mplug.28 | 15.05.21 |
| ESET NOD32 | Win32/Adware.MultiPlug.EP application | 7.0.302.0 |
| Fortinet FortiGate | Adware/MultiPlug | 5/21/2015 |
| F-Prot | W32/S-f6576d9c | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mplug | 5.14.151 |
| G Data | Gen:Variant.Adware.Mplug.28 | 15.5.25 |
| IKARUS anti.virus | not-a-virus:AdWare.MultiPlug | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.204.15985 |
| McAfee | Program.MultiPlug-FVF | 18.0.204.0 |
| MicroWorld eScan | Gen:Variant.Adware.Mplug.28 | 16.0.0.423 |
| NANO AntiVirus | Trojan.Win32.Crossrider.dnevkc | 0.30.24.1636 |
| Panda Antivirus | Generic Suspicious | 15.05.21.10 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.5.21.18 |
| Sophos | PUA 'MultiPlug' (of type Adware) | 5.14 |
| Vba32 AntiVirus | suspected of Heur.Malware-Cryptor.Multiplug | 3.12.26.4 |
| Zillya! Antivirus | Adware.MultiPlug.Win32.184861 | 2.0.0.2187 |

File size:
1 MB (1,054,208 bytes)

Common path:
C:\users\{user}\downloads\harry%20potter%20and%20the%20order%20of%20the%20phoenix%20soundtrack%20-%2002%20professor%20umbridge.mp3.exe

File PE Metadata
Compilation timestamp:
7/23/2012 5:45:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:4fmSh2wEQMThvPfwmTFa5PXjOerAX+1oVkDFEJkqcGpCInD6coNjTYu5TnCKCLIu:4jhul5gCa5bBACbFGjOysTXXK4Tk

Entry address:
0x1996A

Entry point:
E8, 8D, 36, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 80, E5, 45, 00, E8, C0, 0E, 00, 00, E8, 5A, 38, 00, 00, 0F, B7, F0, 6A, 02, E8, 20, 36, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 2B, 07, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.5158

Code size:
352.5 KB (360,960 bytes)

The file harry potter and the order of the phoenix soundtrack - 02 professor umbridge has been seen being distributed by the following 2 URLs.