home

hosts-codedownloader.exe

hosts

Alex

The application hosts-codedownloader.exe has been detected as adware by 18 anti-malware scanners. This file is typically installed with the program hosts by Alex which is a potentially unwanted software program. Built using the Crossrider web brower toolkit the CodeDownloader component will automatically connnect to the remote API server and download additional code/components for Alex extension/toolbar. The component makes a number of requests to the host app-static.crossrider.com/plugins/.../monetization/monetizationLoader.js.
Publisher:
Alex

Product:
hosts

Description:
hosts exe

Version:
1000.1000.1000.1000

MD5:
e2236f4df18b245c4428767eb7001bd8

SHA-1:
d091f299951ca8ade7bf03ae84ca3ca1ab2307b2

SHA-256:
3d98372fbac56338b06f24aeac4f52cbbcc4977d2f7d86adfb92cfc1a9d5607e

Scanner detections:
18 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/19/2024 7:55:02 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.10141863
1106

Bitdefender
Trojan.Generic.10141863
1.0.20.125

Bkav FE
W32.Clod374.Trojan
1.3.0.4923

Dr.Web
Trojan.Crossrider.1
9.0.1.025

Emsisoft Anti-Malware
Trojan.Generic.10141863
8.14.01.25.08

ESET NOD32
Win32/Toolbar.CrossRider (variant)
8.9333

F-Secure
Trojan.Generic.10141863
11.2014-25-01_7

G Data
Trojan.Generic.10141863
14.1.24

herdProtect (fuzzy)
variant of plus-hd-1.7-codedownloader.exe (Adware)
2014.3.15.8

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.2.2.29

K7 AntiVirus
Trojan
13.175.10956

McAfee
Artemis!E2236F4DF18B
5600.7240

MicroWorld eScan
Trojan.Generic.10141863
15.0.0.75

nProtect
Trojan.Generic.10141863
14.01.24.02

Reason Heuristics
Threat.Win.Reputation.IMP
14.4.6.20

Sophos
AppRider
4.97

Trend Micro House Call
TROJ_GEN.F47V0726
7.2.74

VIPRE Antivirus
Crossrider
25758

File size:
465.5 KB (476,672 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
hosts.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hosts\hosts-codedownloader.exe

File PE Metadata
Compilation timestamp:
6/10/2013 2:08:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:xb8uluhnocJNUFrwEXDcHoKb70lRMpzp42J8uUQGztpm5nsKOMPa5bd4tXpTDdb:xZ0GkmKlPSm5Tpb

Entry address:
0x43549

Entry point:
E8, FA, B4, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24, 10, D1, EB...
 
[+]

Entropy:
6.4947

Code size:
373.5 KB (382,464 bytes)

The file hosts-codedownloader.exe has been discovered within the following program.

hosts  by Alex
This is a web browser extension and Browser helper Object (for Internet Explorer) that delivers contextual based advertising to the web browser. In addition it will modify the user's browser home and search pages as well as 'New Tab' pages to push advertising and search.
67% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to lb-212-222.above.com  (103.224.212.222:80)

TCP (HTTP SSL):
Connects to vip011.ssl.hwcdn.net  (205.185.208.11:443)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to a23-67-250-90.deploy.static.akamaitechnologies.com  (23.67.250.90:80)

TCP (HTTP):
Connects to a23-67-243-49.deploy.static.akamaitechnologies.com  (23.67.243.49:80)

TCP (HTTP):
Connects to a1plpkivs-v03.any.prod.ash1.secureserver.net  (72.167.239.239:80)

Remove hosts-codedownloader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.