hdshop-bg.exe

hdshop

hdplus

The application hdshop-bg.exe has been detected as adware by 4 anti-malware scanners. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the extensions installed in the user's browser, including installation, updates and remote code downloads. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
hdplus

Product:
hdshop

Description:
hdshop exe

Version:
1000.1000.1000.1000

MD5:
326a192c95046f1b99b28d82a4ef7327

SHA-1:
50f3e8d82295c20d9614052f892ff0e48e4a7cec

SHA-256:
49093bd01a98f0129d1c2948f20d09a5bf77f9977193ba25b64d9d7cfa796cd8

Scanner detections:
4 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
3/8/2014 7:17:16 PM UTC  (four months ago)

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.1438
ESET NOD32 | Win32/Toolbar.CrossRider.AA (variant) | 8.9516
Reason Heuristics | PUP.Crossrider.hdplus.J | 14.3.8.14
VIPRE Antivirus | Crossrider | 27184

File size:
515.5 KB (527,872 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
hdshop.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hdshop\hdshop-bg.exe

File PE Metadata
Compilation timestamp:
3/6/2014 10:58:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:HO32pCBTNxJ/9uM6ENsmUuDd7S5O7rgO1iIg12rzn9TBsy3qsLov:umpCBTNxJ/4H857OOvTm2rzn9TZ

Entry address:
0x45FDD

Entry point:
E8, 6D, B1, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, A9, 47, 00, E8, 6D, 01, 00, 00, E8, 0A, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, 00, B1, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A2, 11, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.4162

Code size:
400 KB (409,600 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

2 / 68      (Adware)
hdshop-chromeinstaller.exe  (89a73a1eb23f570039413ed86d51a8f7b449da85)

7 / 68      (Adware)
hdshop-codedownloader.exe  (5fcb7dcd7af7786b754cac7a638462f60b7cb51e)

3 / 68      (Adware)
hdshop-enabler.exe  (313e4283c8c509dd77c440a994b07168979968c6)

2 / 68      (Adware)
hdshop-firefoxinstaller.exe  (3789679fbdaeb14992ecafcf5d6b7e0dd018fbc6)

2 / 68      (Adware)
hdshop-updater.exe  (e678de7dbd84776d4aa6fc860c983d20616667eb)

5 / 68      (Adware)
hdshop-bho64.dll  (f1f79dcb8064fafc9f82146add1bddcf5aa13fe5)

6 / 68      (Adware)
hdshop-bho.dll  (96fffb11ca24c52dd91e3ee3d3de4f36ac5a8302)

Detection Incidence by Country