hd-v1.9-nova.dll

Motoko Group

This adware uses the Crossrider extension platform to inject advertisements into the Internet browser and may modify core browser settings. Ads are delivered as banners and contextual text links and may promote other potentially unwanted software. The module hd-v1.9-nova.dll by Motoko Group has been detected as adware by 14 anti-malware scanners. The library is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Motoko Group  (signed and verified)

MD5:
37ea65752c5563051e03bb43b4e34695

SHA-1:
003422788684b52b3254b1c47c794bc76ffa669c

SHA-256:
6cce1650113e8dc890a659e3c1fdb799d1531bb8c259f82f8d8eebd1d683295d

Scanner detections:
14 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/19/2024 2:31:59 PM UTC

Scan engine         Detection                                                     Engine version
AVG                 Generic                                                       2015.0.3316
Baidu Antivirus     Adware.Win32.GoogUpdate                                       4.0.3.141019
Clam AntiVirus      Win.Trojan.Crossrider-44                                      0.98/21411
Dr.Web              Trojan.Crossrider.31413                                       9.0.1.05190
ESET NOD32          Win32/Toolbar.CrossRider.AI potentially unwanted application  7.0.302.0
G Data              Win32.Adware.Crossrider                                       14.10.24
K7 AntiVirus        Unwanted-Program                                              13.184.13727
Kaspersky           Trojan.NSIS.GoogUpdate                                        15.0.0.494
NANO AntiVirus      Trojan.Win32.Crossrider.dekbqd                                0.28.2.62671
Reason Heuristics   PUP.MotokoGroup.L                                             14.10.19.15
Rising Antivirus    PE:Malware.Bundlore!6.180F                                    23.00.65.141017
Vba32 AntiVirus     Trojan.GoogUpdate                                             3.12.26.3
VIPRE Antivirus     Threat.4150696                                                33706
Zillya! Antivirus   Trojan.GoogUpdate.Win32.1287                                  2.0.0.1959

File size:
127.4 KB (130,408 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\hd-v1.9\hd-v1.9-nova.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 1:00:00 AM

Valid to:
7/19/2015 12:59:59 AM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
7/24/2014 11:03:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:cFWmZTEJURwa2tUY5+35poNN9OjFdS43x:cFFtEJzaVM9N96S4h

Entry address:
0x6388

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 77, 39, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, C8, 9A, 01, 10, E8, D9, 14, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 4C, C2, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 50, 50, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
73.5 KB (75,264 bytes)
