hq-video-profession-1.3-firefoxinstaller.exe

HQ-Video-Profession-1.3

HQ-Video

The application hq-video-profession-1.3-firefoxinstaller.exe (“HQ-Video-Profession-1.3 exe”) has been detected as adware by 27 anti-malware scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It will also manage the Firefox SQLite connectivity.
Publisher:
HQ-Video

Product:
HQ-Video-Profession-1.3

Description:
HQ-Video-Profession-1.3 exe

Version:
1000.1000.1000.1000

MD5:
b5e647e69798942578324de1d205b6eb

SHA-1:
d20d9615c3fffdbdc41e698e962afd69afed6c96

SHA-256:
d2113e26943fd292cbcc8c788ab9f2033302ec50d7b5d76387e312c1589d6378

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
5/11/2024 1:58:31 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Generic.906078 | 903 |
| Agnitum Outpost | PUA.Toolbar.CrossRider | 7.1.1 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.144.196 |
| AVG | Generic5 | 2015.0.3546 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.1433 |
| Bitdefender | Adware.Generic.906078 | 1.0.20.1135 |
| Comodo Security | ApplicUnwnt | 18095 |
| Dr.Web | Trojan.Crossrider.950 | 9.0.1.062 |
| Emsisoft Anti-Malware | Adware.Generic.906078 | 8.14.08.15.03 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.9490 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 3/3/2014 |
| F-Secure | Adware.Generic.906078 | 11.2014-15-08_6 |
| G Data | Adware.Generic.906078 | 14.8.24 |
| IKARUS anti.virus | AdWare.CrossRider | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11311 |
| Malwarebytes | PUP.Optional.HQVideoProfession.A | v2014.03.03.02 |
| McAfee | Artemis!B5E647E69798 | 5600.7202 |
| MicroWorld eScan | Adware.Generic.906078 | 15.0.0.681 |
| NANO AntiVirus | Trojan.Win32.Crossrider.cvxobz | 0.28.0.59048 |
| Norman | Suspicious_Gen4.FVDUL | 11.20140303 |
| Panda Antivirus | PUP/PlusHD | 14.08.15.03 |
| Reason Heuristics | PUP.Crossrider.Task.h | 14.8.15.15 |
| Sophos | Generic PUA NC | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10420 |
| Trend Micro House Call | TROJ_GEN.R0C1H05BJ14 | 7.2.62 |
| Trend Micro | TROJ_SPNR.3AKH13 | 10.465.15 |
| VIPRE Antivirus | Crossrider | 27000 |

File size:
910.5 KB (932,352 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HQ-Video-Profession-1.3.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hq-video-profession-1.3\hq-video-profession-1.3-firefoxinstaller.exe

File PE Metadata
Compilation timestamp:
1/20/2014 2:24:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:t0/ZDibVoYKaQCvEwCRdllEGx8PkrM6f+L6EyrYaHE6T3kSIk0tryv3Vij6dwgpp:t0/Z+JLfcTRdllEGx8PO0yvU6TF

Entry address:
0x99AE0

Entry point:
E8, 89, F1, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, 8B, 7B, 08, 33, 3D, 38, 31, 4E, 00, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 8D, 73, 10, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, 33, A3, FF, FF, 8B, 4F, 0C, 8B, 47, 08, 03, CE, 33, 0C, 30, E8, 23, A3, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, D0, 00, 00, 00, 89, 45, E8, 8B, 45, 10, 89, 45, EC, 8D, 45, E8, 89, 43, FC, 8B, 43, 0C, 89, 45, F8, 83, F8, FE, 0F, 84, EE, 00...

Code size:
746 KB (763,904 bytes)

Scheduled Task
Task name:
HQ-Video-Profession-1.3-firefoxinstaller

Trigger:
Logon (Runs on logon)

Action:
hq-video-profession-1.3-firefoxinstaller.exe \installxpi \agentregpath='hq-video-profession-1.3


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com (69.16.175.42:80)
http://update.srvstatsdata.com/installer_updates/007935/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com (69.16.175.10:80)
