hd_quality.exe

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisements on web pages not affiliated with the extension or company. These unwanted advertisements are injected by the extension in the browser in the form of common ad types such as banners and text-links. The application hd_quality.exe by Robokid Technologies has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Robokid Technologies  (signed and verified)

Description:
Eehxsk

Version:
15.6.7.16

MD5:
03c24df25d0d2cd1f3501f65e4e1e05c

SHA-1:
bf0a8e36f405b4da90a008f0a4ab04a619937678

SHA-256:
b027bc7ba1e167add048248c56187d9f0deb8840a27e29d0904f5237ab8cfed1

Scanner detections:
5 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/25/2024 4:01:31 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2015.0.3404 |
| Clam AntiVirus | Win.Adware.Agent-6597 | 0.98/19185 |
| IKARUS anti.virus | PUA.PlusHD | t3scan.1.6.1.0 |
| Malwarebytes | | v2014.07.24.02 |
| Reason Heuristics | PUP.RobokidTechnologies.K | 14.7.24.2 |

File size:
8.1 MB (8,455,488 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\serv\hd_quality.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/22/2014 8:00:00 PM

Valid to:
6/23/2015 7:59:59 PM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
12/4/2012 8:55:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:fXbNjJp+cPPGQjsACiE1S0W2ujD6H//lYFC:frrMwGqs/FS0WZmj

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
Entropy:
7.9986  (probably packed)

Code size:
34.5 KB (35,328 bytes)