hdtubev1.6-nova.exe

HDtubeV1.6

Robokid Technologies

By using the Crossrider framework, this web extension is loaded in the web browser and displays advertisements on web pages not affiliated with the extension or company. These unwanted advertisements are injected by the extension in the browser in the form of common ad types such as banners and text-links. The application hdtubev1.6-nova.exe by Robokid Technologies has been detected as adware by 27 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program HDtubeV1.6 by Robokid Technologies, which is a potentially unwanted software program. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
HDTube  (signed by Robokid Technologies)

Product:
HDtubeV1.6

Description:
HDtubeV1.6 exe

Version:
1000.1000.1000.1000

MD5:
7370557c90fd630ddf03f1300013def2

SHA-1:
ec2458a41c98aafc1160304389837a1c9317fc4e

SHA-256:
378c3ca4e86f53b604e9c08d424e7bfdae4dfc8a49dfdeb9be8f63742a854b0b

Scanner detections:
27 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/23/2024 10:50:03 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.19680 | 928
Agnitum Outpost | PUA.AdLoad | 7.1.1
AhnLab V3 Security | PUP/Win32.Toolbar | 2014.07.06
Avira AntiVirus | Adware/CrossRider.A.4953 | 7.11.152.176
avast! | Win32:Adware-gen [Adw] | 2014.9-140721
AVG | Adware Generic_r | 2015.0.3418
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.1479
Bitdefender | Gen:Variant.Kazy.19680 | 1.0.20.1010
Bkav FE | W32.CrossRiderD.Adware | 1.3.0.4959
Emsisoft Anti-Malware | Gen:Variant.Kazy.19680 | 8.14.07.21.05
ESET NOD32 | Win32/Toolbar.CrossRider.AE potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/Toolbar_CrossRider | 7/21/2014
F-Prot | W32/A-7d811582 | v6.4.7.1.166
F-Secure | Gen:Variant.Kazy.19680 | 11.2014-21-07_2
G Data | Win32.Application.Plush | 14.7.24
IKARUS anti.virus | PUA.OptionalInst.Goobzo | t3scan.1.6.1.0
K7 AntiVirus | Unwanted-Program | 13.178.12278
Malwarebytes | PUP.Optional.HDPlus.A | v2014.07.09.09
McAfee | Artemis!768454CDA6CA | 5600.7062
MicroWorld eScan | Gen:Variant.Kazy.19680 | 15.0.0.606
NANO AntiVirus | Riskware.Win32.AdLoad.dbihow | 0.28.0.60253
Panda Antivirus | Trj/Genetic.gen | 14.07.09.09
Qihoo 360 Security | Win32/Trojan.Adware.37e | 1.0.0.1015
Reason Heuristics | PUP.RobokidTechnologies.O | 14.7.9.21
Sophos | AppRider | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0704 | 7.2.202
VIPRE Antivirus | Threat.4789396 | 29708

File size:
588 KB (602,136 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
HDtubeV1.6.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hdtubev1.6\hdtubev1.6-nova.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/23/2014 2:00:00 AM

Valid to:
6/24/2015 1:59:59 AM

Subject:
CN=Robokid Technologies, O=Robokid Technologies, STREET=Athinodorou 3 Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ECF35E880AD0F3BC6F82DFB1F2E84CC0

File PE Metadata
Compilation timestamp:
7/9/2014 12:12:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:5SW6tD1gG74GMx3DIZ/vIHXsWyAvpTIBSxal9A:MW6tDRi8qsP4TOpl9A

Entry address:
0x459DC

Entry point:
E8, 5A, DF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 00, A1, 47, 00, E8, DE, 4E, 00, 00, E8, 9A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, ED, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 13, 68, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.3182

Code size:
416 KB (425,984 bytes)

Scheduled Task
Task name:
e43a1961-deed-4e79-b78e-8bb8942b7950-7

Trigger:
Logon (Runs on logon)

Action:
hdtubev1.6-nova.exe \qeyfuexq='hdtubev1.6' \qbksxqapk=59564 \tgxqyh='0


The file hdtubev1.6-nova.exe has been discovered within the following program.

HDtubeV1.6  by Robokid Technologies
HDTube is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
crossrider.com

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.81.217:80)
