hd-v1.8-nova.exe

HD-V1.8

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisements on web pages that are not affiliated with the extension or its company. The extension injects these unwanted advertisements into the browser in the form of common ad types such as banners and text links. The application hd-v1.8-nova.exe by Robokid Technologies has been detected as adware by 13 anti-malware scanners. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
InfoHD-V1.8  (signed by Robokid Technologies)

Product:
HD-V1.8

Description:
HD-V1.8 exe

Version:
1000.1000.1000.1000

MD5:
e3241ab2b9e19fc4666fb8ab252754eb

SHA-1:
76dcfdf04070cdf14879df2f81045aba74d0d72a

SHA-256:
a7d29b0aebf08f8a34bd52bbd990348a3cad0703c85e98c7bde033b49b58c187

Scanner detections:
13 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/26/2024 5:36:54 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.Toolbar | 2014.07.05 |
| Avira AntiVirus | Adware/CrossRider.A.13670 | 7.11.158.124 |
| AVG | Adware Generic_r.PP | 2014.0.3986 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.1476 |
| Comodo Security | ApplicUnwnt | 18764 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AE potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 7/6/2014 |
| McAfee | Artemis!CC198F0104C4 | 5600.7077 |
| NANO AntiVirus | Riskware.Win32.AdLoad.dbuawc | 0.28.0.60577 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.06.04 |
| Reason Heuristics | PUP.RobokidTechnologies.L | 14.7.6.16 |
| Trend Micro House Call | Suspicious_GEN.F47V0627 | 7.2.187 |
| VIPRE Antivirus | Threat.4789396 | 29708 |

File size:
611.5 KB (626,200 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
HD-V1.8.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hd-v1.8\hd-v1.8-nova.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/23/2014 3:00:00 AM

Valid to:
6/24/2015 2:59:59 AM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
7/6/2014 1:05:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:zYwPouO9GEIJwNSosWZlArpTOR2dIXeoPPs:UwmmMyTJdyPPs

Entry address:
0x484B9

Entry point:
E8, 67, DF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 88, F5, 47, 00, E8, F1, 4E, 00, 00, E8, 9D, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, FA, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, AE, 67, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Code size:
436 KB (446,464 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to ec2-54-225-131-67.compute-1.amazonaws.com  (54.225.131.67:80)
