hdtotal1.1-firefoxinstaller.exe


The application hdtotal1.1-firefoxinstaller.exe has been detected as adware by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program hdtotal1.1 by Adware.BetterSurf, which is a potentially unwanted software program. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It will also manage the Firefox SQLite connectivity.
Publisher:
hdtotal

Product:
hdtotal1.1

Description:
hdtotal1.1 exe

Version:
1000.1000.1000.1000

MD5:
1baa296dc79a5583add957c6b68f6cc0

SHA-1:
d3e854a08cafa6ed102bd42324ec900df87008fc

SHA-256:
9ea3dc5f9f666fde9d17529d364150d065ce36951d3628ecff30510aa336809a

Scanner detections:
2 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/24/2024 9:53:26 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Crossrider.hdtotal.AA | 14.3.11.8
VIPRE Antivirus | Crossrider | 27284

File size:
936 KB (958,464 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
hdtotal1.1.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe

File PE Metadata
Compilation timestamp:
3/10/2014 8:04:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:0UcJDBlp8rUSAiFo/KPOHzzWlJHBxgV0cPqHrb2xA0U6W69WyEkc+1jA2FPkgTe4:05lD2iMEnWlJHBxgVfc+FA2Fcd9pT

Entry address:
0x9D5E0

Entry point:
E8, 82, EF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE...
 

Entropy:
6.5338

Code size:
762.5 KB (780,800 bytes)

Scheduled Task
Task name:
hdtotal1.1-firefoxinstaller

Trigger:
Logon (Runs on logon)

Action:
hdtotal1.1-firefoxinstaller.exe \installxpi \agentregpath='hdtotal1.1' \extensionf


The file hdtotal1.1-firefoxinstaller.exe has been discovered within the following program.

hdtotal1.1 by Adware.BetterSurf
hdtotal is an adware browser extension that displays banner and text-context link ads intended to promote the installation of additional questionable content, including web browser toolbars, optimization utilities and other products.
crossrider.com/install/53360-hd-total-1-1
81% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com (69.16.175.42:80)
http://update.srvstatsdata.com/installer_updates/009487/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
