phd-v1.4-bg.exe

PHD-V1.4

Motoko Group

This adware utilizes the Crossrider extension platform and will inject advertisiments in the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The application phd-v1.4-bg.exe by Motoko Group has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
PHD  (signed by Motoko Group)

Product:
PHD-V1.4

Description:
PHD-V1.4 exe

Version:
1000.1000.1000.1000

MD5:
5dd08e3fc74c0b49d2a8262e32f179b2

SHA-1:
751ac0d9ff3a857029270fb52422997be1c73237

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Motoko Group.

Analysis date:
5/25/2020 7:21:02 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Crossrider (M)
17.2.28.20

File size:
615.9 KB (630,632 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
PHD-V1.4.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\phd-v1.4\phd-v1.4-bg.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 2:00:00 AM

Valid to:
7/19/2015 1:59:59 AM

Subject:
CN=Motoko Group, O=Motoko Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AAFC4F8011F7FD7C00748C990950D28A

File PE Metadata
Compilation timestamp:
7/27/2014 12:07:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x525A8

Entry point:
E8, 5F, CC, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 88, 34, 49, 00, E8, 52, 49, 00, 00, E8, C6, 1C, 00, 00, 0F, B7, F0, 6A, 02, E8, F2, CB, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 70, 51, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
489.5 KB (501,248 bytes)

Remove phd-v1.4-bg.exe - Powered by Reason Core Security