» hd+v1.0-codedownloader.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

hd+v1.0-codedownloader.exe

HD+V1.0

Motoko Group

This adware utilizes the Crossrider extension platform and will inject advertisiments in the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The application hd+v1.0-codedownloader.exe by Motoko Group has been detected as adware by 15 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. Built using the Crossrider web brower toolkit the CodeDownloader component will automatically connnect to the remote API server and download additional code/components for HDPlusPro extension/toolbar. The component makes a number of requests to the host app-static.crossrider.com/plugins/.../monetization/monetizationLoader.js. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

HDPlusPro (signed by Motoko Group)

Product:

HD+V1.0

Description:

HD+V1.0 exe

Version:

1000.1000.1000.1000

MD5:

7ba3df3c20c871121f2071e0c05f0e9b

SHA-1:

ae5c5f5731b120c4355a2e6b20b3f8cdab4ffd22

SHA-256:

3a5dbf9542f88ae15630fa4ad6bcf664c9dcb56c1728f85f6b12a35e477d19d2

Scanner detections:

15 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Motoko Group.

Analysis date:

4/19/2024 11:02:48 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Kazy.374109

924

Avira AntiVirus

ADWARE/CrossRider.Gen2

7.11.163.246

avast!

Win32:Adware-gen [Adw]

140617-1

Bitdefender

Gen:Variant.Adware.Kazy.374109

1.0.20.1030

Emsisoft Anti-Malware

Gen:Variant.Adware.Kazy.374109

8.14.07.25.12

ESET NOD32

Win32/Toolbar.CrossRider.AG potentially unwanted application

7.0.302.0

F-Secure

Gen:Variant.Adware.Kazy.374109

11.2014-25-07_6

G Data

Gen:Variant.Adware.Kazy.374109

14.7.24

IKARUS anti.virus

not-a-virus:WebToolbar.CrossRider

t3scan.1.6.1.0

Kaspersky

not-a-virus:WebToolbar.Win32.CrossRider

15.0.0.494

MicroWorld eScan

Gen:Variant.Adware.Kazy.374109

15.0.0.618

Panda Antivirus

Trj/Genetic.gen

14.07.25.12

Reason Heuristics

PUP.Crossrider.Task.V

14.7.27.13

Sophos

Generic PUA KO

4.98

VIPRE Antivirus

Threat.4789396

31208

File size:

554.4 KB (567,656 bytes)

Product version:

1000.1000.1000.1000

Original file name:

HD+V1.0.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\hd+v1.0\hd+v1.0-codedownloader.exe

Digital Signature

Signed by:

Motoko Group

Authority:

COMODO CA Limited

Valid from:

7/17/2014 9:00:00 PM

Valid to:

7/18/2015 8:59:59 PM

Subject:

CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata

Compilation timestamp:

7/23/2014 9:52:07 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:sjpf8V3vpgT62ZHvD8du+biNjqrVu31Sz7BcuS54SpTBs3NFWuXfRho:sev2T62ZH3jsu3oz7+4SpTm3k

Entry address:

0x48133

Entry point:

E8, C0, DD, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB, D1, D9, D1, EA, D1, D8, 0B, DB, 75, F4... 
[+]

Code size:

436.5 KB (446,976 bytes)

Scheduled Task

Task name:

69292938-2d26-4bd9-a091-99576ab8366a-1

Trigger:

Logon (Runs on logon)

Action:

hd+v1.0-codedownloader.exe \kiivlqhw \tkecmz=task \ncpnjnq='hd+v1.0' \meoxlfb

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ip-50-63-202-55.ip.secureserver.net (50.63.202.55:80)

Remove hd+v1.0-codedownloader.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.