pjire.exe

HQualityPro-1.6

Evangelion Group

This potentially unwanted browser extension is built on and distributed through the free Crossrider cross-browser extension platform, and it delivers advertisements to the web browser in various formats such as banners, text hyperlinks, inline text and transitional ads. The application pjire.exe, "HQualityPro-1.6 exe" by Evangelion Group, has been detected as adware by 22 anti-malware scanners. It runs as a scheduled task named PJIRE under the Windows Task Scheduler, triggered to execute each time a user logs in. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.

Publisher:
HQualityPro (signed by Evangelion Group)

Product:
HQualityPro-1.6

Description:
HQualityPro-1.6 exe

Version:
1000.1000.1000.1000

MD5:
71188ee5b4b5a56334c57ce51be18554

SHA-1:
a6a70616905bf161a6f8c1b31247afa114c76f80

SHA-256:
9333b5a3a405a6b9d0c918a821b79834eef714f46d6c1d557259090ad1e4253d

Scanner detections:
22 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
5/16/2024 6:46:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Plush.1 | 873 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2014.09.15 |
| Avira AntiVirus | Adware/Plush.1.89 | 7.11.172.102 |
| avast! | Win32:Crossrider-M [PUP] | 140908-2 |
| AVG | Generic | 2015.0.3351 |
| Bitdefender | Gen:Variant.Adware.Plush.1 | 1.0.20.1290 |
| Dr.Web | Trojan.Crossrider.32967 | 9.0.1.0258 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Plush | 8.14.09.14.08 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AQ potentially unwanted application | 8.7.0.302.0 |
| F-Secure | Gen:Variant.Adware.Plush.1 | 11.2014-15-09_2 |
| G Data | Gen:Variant.Adware.Plush | 14.9.24 |
| herdProtect (fuzzy) | | 2014.11.11.7 |
| IKARUS anti.virus | Trojan.GoogUpdate | t3scan.1.7.8.0 |
| K7 AntiVirus | Adware | 13.183.13379 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.3251 |
| Malwarebytes | PUP.Optional.HQTube.A | v2014.09.15.11 |
| McAfee | Artemis!AA0A3C7B58A7 | 5600.6950 |
| MicroWorld eScan | Gen:Variant.Adware.Plush.1 | 15.0.0.774 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.15.11 |
| Reason Heuristics | PUP.EvangelionGroup.F | 14.9.14.8 |
| Sophos | Generic PUA DD | 4.98 |
| VIPRE Antivirus | Crossrider | 33126 |

File size:
1.9 MB (1,962,864 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HQualityPro-1.6.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\pjire.exe

Digital Signature

Authority:
COMODO CA Limited

Valid from:
7/28/2014 1:00:00 AM

Valid to:
7/29/2015 12:59:59 AM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata

Compilation timestamp:
9/13/2014 11:05:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:BsFPpNNmusqYHFL3lMoqpS4GTLUzn+nPRxR:BsJpeB/lLLz

Entry address:
0xEC604

Entry point:
E8, 3C, 00, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 6F, 01, 01, 00, 3B, 30, 7C, 07, E8, 66, 01, 01, 00, 8B, 30, E8, 59, 01, 01, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 60, 5F, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 40, 13, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 7A, 31, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 40, 13, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, D3, ED...

Entropy:
6.8611

Code size:
1.1 MB (1,135,616 bytes)

Scheduled Task

Task name:
PJIRE

Trigger:
Logon (Runs on logon)

