kvob.exe

Cinema Video Pro 1.6V15.11

Space Battleship Creative

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application kvob.exe, “Cinema Video Pro 1.6V15.11 exe” by Space Battleship Creative has been detected as adware by 30 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.

Publisher:
Cinema ProV15.11 (signed by Space Battleship Creative)

Product:
Cinema Video Pro 1.6V15.11

Description:
Cinema Video Pro 1.6V15.11 exe

Version:
1000.1000.1000.1000

MD5:
0ecceef2df5a0878c17b7e235e7d6532

SHA-1:
05d6a67abf557e556b032603054a1960bed2f85b

SHA-256:
6ca98fa29b17e4445fe7163459a812d27b9a7b4d86bbd71ce7fa104a80f3291f

Scanner detections:
30 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
5/8/2024 8:36:13 PM UTC

Scan engine             Detection                              Engine version
Lavasoft Ad-Aware       Gen:Variant.Adware.Plush.1             674
AhnLab V3 Security      PUP/Win32.CrossRider                   2014.11.27
Avira AntiVirus         Adware/CrossRider.gn                   7.11.189.28
avast!                  Win32:Crossrider-AI [PUP]              2014.9-150401
AVG                     Generic                                2016.0.3152
Baidu Antivirus         PUA.Win32.CrossRider                   4.0.3.1541
Bitdefender             Gen:Variant.Adware.Plush.1             1.0.20.455
Clam AntiVirus          Win.Adware.Crossrider-124              0.98/21511
Comodo Security         Application.Win32.Plush.GRI            20095
Dr.Web                  Trojan.Crossrider.39765                9.0.1.091
Emsisoft Anti-Malware   Gen:Variant.Adware.Plush               8.15.07.06.11
ESET NOD32              Win32/Toolbar.CrossRider.AX (variant)  9.10788
Fortinet FortiGate      Adware/Adwapper                        4/1/2015
F-Secure                Gen:Application.Heur.4v1@kmoQkOpO      11.2015-01-04_4
G Data                  Gen:Application.Heur.4v1@kmoQkOpO      15.4.24
IKARUS anti.virus       Trojan.GoogUpdate                      t3scan.1.8.3.0
K7 AntiVirus            Unwanted-Program                       13.186.14150
Kaspersky               not-a-virus:AdWare.NSIS.Adwapper       14.0.0.2257
Malwarebytes            PUP.Optional.HDQuality.A               v2015.04.01.03
McAfee                  Artemis!0ECCEEF2DF5A                   5600.6808
MicroWorld eScan        Gen:Variant.Adware.Plush.1             16.0.0.273
NANO AntiVirus          Riskware.Win32.Crossrider.diwknx       0.28.6.63726
Qihoo 360 Security      Win32/Virus.Adware.171                 1.0.0.1015
Reason Heuristics       PUP.Brightcircle                       15.4.1.15
Sophos                  Generic PUA AF                         4.98
Trend Micro House Call  Suspicious_GEN.F47V1118                7.2.91
Vba32 AntiVirus         AdWare.Adwapper                        3.12.26.3
VIPRE Antivirus         Threat.4789396                         34232
Zillya! Antivirus       Adware.Adwapper.Win32.1302             2.0.0.1994

File size:
1.9 MB (1,981,360 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Cinema Video Pro 1.6V15.11.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\kvob.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/19/2014 8:00:00 PM

Valid to:
10/20/2015 7:59:59 PM

Subject:
CN=Space Battleship Creative, O=Space Battleship Creative, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F7CD27D419D6D6EBEEE61F75941D1DA4

File PE Metadata
Compilation timestamp:
11/14/2014 3:36:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:qxDCoG+2WZatBexzflnJWA4PTxRbiAigjN76wLtyKwvpS3wT5zHBtXf9Nt+iJei5:qBcmEEfFJe1iMjLTwvpS3wTvZ1V1Dz7

Entry address:
0xF0B61

Entry point:
E8, 5F, FD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 92, FE, 00, 00, 3B, 30, 7C, 07, E8, 89, FE, 00, 00, 8B, 30, E8, 7C, FE, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 83, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, B0, 54, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 9D, 2E, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, B0, 54, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, F6, EA...
Entropy:
6.8580

Code size:
1.1 MB (1,147,392 bytes)
