» hqtotals-bg.exe
Overview
Analysis
File Details
Programs (1)

hqtotals-bg.exe

HQTotalS

HQplustotalS

The application hqtotals-bg.exe has been detected as adware by 7 anti-malware scanners. This file is typically installed with the program HQTotalS by Kimahri Software inc. which is a potentially unwanted software program. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads.

File name:

hqtotals-bg.exe

Publisher:

HQplustotalS

Product:

HQTotalS

Description:

HQTotalS exe

Version:

1000.1000.1000.1000

MD5:

895a01979454e09f9ebbe848f416596b

SHA-1:

f5bd07e30dc5698a4e0924696d96c1926ed6775f

SHA-256:

111ece3382bcf64d890ee6cf613f8f7b515b1bf68af933c71b33dbfa3fe79c3f

Scanner detections:

7 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:

4/23/2024 9:21:57 PM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.14321

ESET NOD32

Win32/Toolbar.CrossRider.AA (variant)

8.9549

herdProtect (fuzzy)

variant of hdtotal1.2-bg.exe (Adware)

2014.5.15.7

Malwarebytes

PUP.Optional.HDTotal.A

v2014.03.21.06

Reason Heuristics

PUP.Crossrider.HQplustotalS.L

14.3.21.6

Trend Micro House Call

TROJ_GEN.F47V0314

7.2.80

VIPRE Antivirus

Crossrider

27448

File size:

515.5 KB (527,872 bytes)

Product version:

1000.1000.1000.1000

Original file name:

HQTotalS.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\hqtotals\hqtotals-bg.exe

File PE Metadata

Compilation timestamp:

3/16/2014 3:06:15 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:jO32pCBTNxJ/9uM6ENsmUuDd7S5O7rgO1iIg12rrA9TBsy3qsLov:ympCBTNxJ/4H857OOvTm2rrA9TZ

Entry address:

0x45FDD

Entry point:

E8, 6D, B1, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 48, A9, 47, 00, E8, 6D, 01, 00, 00, E8, 0A, 13, 00, 00, 0F, B7, F0, 6A, 02, E8, 00, B1, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A2, 11, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.4165

Code size:

400 KB (409,600 bytes)

The file hqtotals-bg.exe has been discovered within the following program.

HQTotalS by Kimahri Software inc.

HQTotalS is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

84% remove it

Remove hqtotals-bg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.