hqtotals-firefoxinstaller.exe

The application hqtotals-firefoxinstaller.exe has been detected as adware by 6 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered each time a user logs in. This file is typically installed with the program HQTotalS by Kimahri Software inc., which is a potentially unwanted software program. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It also manages the Firefox SQLite connectivity.
Publisher:
HQplustotalS

Product:
HQTotalS

Description:
HQTotalS exe

Version:
1000.1000.1000.1000

MD5:
a39c655569e01c36e37ea1f7929596d1

SHA-1:
7ecb96d5b1dcd1b8f5c4f9a4798510a05b02003b

SHA-256:
09676f08d132f165361218240a12ca8c2c2dc172592bde22b3f03ebc0a1fd4f4

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/24/2024 6:23:25 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.Crossrider.8337 | 9.0.1.0135
Malwarebytes | PUP.Optional.HDTotal.A | v2014.03.20.05
Reason Heuristics | PUP.Crossrider.HQplustotalS.Z | 14.3.20.17
Trend Micro House Call | TROJ_GEN.F47V0326 | 7.2.135
VIPRE Antivirus | Crossrider | 27558

File size:
936 KB (958,464 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HQTotalS.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hqtotals\hqtotals-firefoxinstaller.exe

File PE Metadata
Compilation timestamp:
3/16/2014 3:04:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:xRSQsFfUYWwfYh2xmLDyZ82g+xpDYWEqb+LNI3bNG7NmCU9ccwvp8TVYnI3696dk:xyiGgOIWZ82g+xpDYNvp8TqSMDTj

Entry address:
0x9D5D0

Entry point:
E8, 82, EF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE...
 

Entropy:
6.5333

Code size:
762.5 KB (780,800 bytes)

Scheduled Task
Task name:
HQTotalS-firefoxinstaller

Trigger:
Logon (Runs on logon)

Action:
hqtotals-firefoxinstaller.exe \installxpi \agentregpath='hqtotals' \extensionfil


The file hqtotals-firefoxinstaller.exe has been discovered within the following program.

HQTotalS  by Kimahri Software inc.
HQTotalS is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
84% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/001839/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
