» hq-video-pro-1.5-firefoxinstaller.exe
Overview
Analysis
File Details
Behaviors (1)
Network (3)

hq-video-pro-1.5-firefoxinstaller.exe

HQ-Video-Pro-1.5

HQ-Video

The application hq-video-pro-1.5-firefoxinstaller.exe, “HQ-Video-Pro-1.5 exe” has been detected as adware by 23 anti-malware scanners. This is a setup and installation application, however the file is not signed with an authenticode signature from a trusted source. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It will also manage the Firefox SQLite connectivity.

File name:

Publisher:

HQ-Video

Product:

HQ-Video-Pro-1.5

Description:

HQ-Video-Pro-1.5 exe

Version:

1000.1000.1000.1000

MD5:

049df1fd277426f03072356ae5d3f0a8

SHA-1:

fba1bfe1895e8983ced822ed871204f9c4eea609

SHA-256:

439d719265fd1ee79aae59ebfa06b5f608a68fe10447a1256021f9fe84c7a467

Scanner detections:

23 / 68

Status:

Adware

Explanation:

Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:

4/23/2024 5:32:55 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.914082

903

Avira AntiVirus

Adware/CrossRider.A.560

7.11.156.52

AVG

MultiBundle.V

2015.0.3381

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.1436

Bitdefender

Adware.Generic.914082

1.0.20.1135

Comodo Security

ApplicUnwnt

18643

Dr.Web

Trojan.Crossrider.8406

9.0.1.0227

Emsisoft Anti-Malware

Adware.Generic.914082

8.14.08.15.03

ESET NOD32

Win32/Toolbar.CrossRider (variant)

8.9505

Fortinet FortiGate

Riskware/Toolbar_CrossRider

8/15/2014

F-Secure

Adware.Generic.914082

11.2014-15-08_6

G Data

Adware.Generic.914082

14.8.24

K7 AntiVirus

Trojan

13.180.12498

Malwarebytes

PUP.Optional.HQVideoPro.A

v2014.03.06.04

McAfee

Artemis!A4DA62A2563A

5600.7037

MicroWorld eScan

Adware.Generic.914082

15.0.0.681

NANO AntiVirus

Trojan.Win32.Crossrider.cwaizj

0.28.0.60475

Panda Antivirus

Trj/Genetic.gen

14.08.15.03

Reason Heuristics

PUP.Crossrider.Task.a

14.8.15.15

Sophos

Generic PUA GL

4.98

Trend Micro House Call

TROJ_GEN.R02KC0ODT14

7.2.227

Trend Micro

TROJ_GEN.R02KC0ODT14

10.465.15

VIPRE Antivirus

Crossrider

27112

File size:

931 KB (953,344 bytes)

Product version:

1000.1000.1000.1000

Original file name:

HQ-Video-Pro-1.5.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\hq-video-pro-1.5\hq-video-pro-1.5-firefoxinstaller.exe

File PE Metadata

Compilation timestamp:

3/2/2014 11:05:14 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:ieiL6RMgTmpgHTDhEQu6OC3CMwh2jms9GxqMDTGSXGl33haATXv:KWR9MlmhaATX

Entry address:

0x9C400

Entry point:

E8, 82, EF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE... 
[+]

Code size:

757.5 KB (775,680 bytes)

Scheduled Task

Task name:

HQ-Video-Pro-1.5-firefoxinstaller

Trigger:

Logon (Runs on logon)

Action:

hq-video-pro-1.5-firefoxinstaller.exe \installxpi \agentregpath='hq-video-pro-1.5' \exte

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to update.srvstatsdata.com (69.16.175.42:80)

http://update.srvstatsdata.com/installer_updates/008358/update.json

TCP (HTTP):

Connects to stats.srvstatsdata.com (176.32.99.41:80)

TCP (HTTP):

Connects to app-static.crossrider.com (69.16.175.10:80)

Remove hq-video-pro-1.5-firefoxinstaller.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.