» plus-hd-1.2-enabler.exe
Overview
Analysis
File Details
Network (3)

plus-hd-1.2-enabler.exe

Plus-HD-1.2

Kimahri Software inc.

This adware uses the Crossrider platform to build and distribute this web browser advertising injection extension. Once installed in the browser it will hijack various browser settings (homepage, search) and may interfere and track behaviors as well as deliver ads. The application plus-hd-1.2-enabler.exe by Kimahri Software inc has been detected as adware by 37 anti-malware scanners. By utilizing the Crossrider browser extension platform, the Enabler module is designed to manage the integration with the user's web browser and install/manage the plugin for Chrome, IE and Firefox. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

Plus HD (signed by Kimahri Software inc.)

Product:

Plus-HD-1.2

Description:

Plus-HD-1.2 exe

Version:

1000.1000.1000.1000

MD5:

b2a00903e9c7ad65c7d264b5f73c620f

SHA-1:

1164a1658b76cd8f5a17e86024d7898c29c7bc49

SHA-256:

3652ab671d15972d0af3b4ba05f728ad0920865c16f6d4ce4e217a6349af5b1a

Scanner detections:

37 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Kimahri Software inc..

Analysis date:

4/25/2024 6:48:05 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Heur.vu1@muSeYknO

354

Agnitum Outpost

PUA.Toolbar

7.1.1

AhnLab V3 Security

PUP/Win32.CrossRider

2015.05.29

Avira AntiVirus

ADWARE/CrossRider.A.852

8.3.1.6

avast!

Win32:Crossrider-AI [PUP]

2014.9-160215

AVG

Generic5

2017.0.2832

Baidu Antivirus

Adware.Win32.CrossAd

4.0.3.16215

Bitdefender

Gen:Application.Heur.vu1@muSeYknO

1.0.20.230

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.Plush-29

0.98/21511

Comodo Security

ApplicUnwnt

22258

Dr.Web

Trojan.Crossrider1.23056

9.0.1.046

Emsisoft Anti-Malware

Gen:Adware.Plush

8.16.02.15.07

ESET NOD32

Win32/Toolbar.CrossRider.T potentially unwanted (variant)

10.11700

Fortinet FortiGate

Riskware/Toolbar_CrossRider

2/15/2016

F-Prot

W32/S-a64d6097

v6.4.7.1.166

F-Secure

Gen:Application.Heur.vu1@muSeYknO

11.2016-15-02_2

G Data

Gen:Application.Heur.vu1@muSeYknO

16.2.25

K7 AntiVirus

Unwanted-Program

13.204.16065

Kaspersky

not-a-virus:WebToolbar.Win32.CroRi

14.0.0.656

Malwarebytes

PUP.Optional.HDPlus.A

v2016.02.15.07

McAfee

Artemis!E87E5115420B

5600.6488

Microsoft Security Essentials

BrowserModifier:Win32/IeEnablerCby

1.1.11701.0

MicroWorld eScan

Gen:Application.Heur.vu1@muSeYknO

17.0.0.138

NANO AntiVirus

Trojan.Win32.Toolbar.ctsoci

0.30.24.1636

Panda Antivirus

PUP/PlusHD

16.02.15.07

Qihoo 360 Security

Win32/Virus.WebToolbar.80e

1.0.0.1015

Quick Heal

PUA.Kimahrisof.Gen

2.16.14.00

Reason Heuristics

Adware.Crossrider.Brightcircle (M)

16.2.15.19

Rising Antivirus

PE:Trojan.Win32.Generic.16837BF1!377715697

23.00.65.16213

Sophos

AppRider

4.98

SUPERAntiSpyware

Adware.CrossRider/Variant

9321

Total Defense

Heur/Adware.ZAGO!suspicious

37.1.62.1

Trend Micro House Call

TROJ_SPNV.03C214

7.2.46

Trend Micro

TROJ_SPNV.03C214

10.465.15

VIPRE Antivirus

Crossrider

40638

Zillya! Antivirus

Adware.Agent.Win32.9493

2.0.0.2193

File size:

340.4 KB (348,520 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Plus-HD-1.2.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\plus-hd-1.2\plus-hd-1.2-enabler.exe

Digital Signature

Signed by:

Kimahri Software inc.

Authority:

COMODO CA Limited

Valid from:

3/7/2013 1:00:00 AM

Valid to:

3/7/2016 12:59:59 AM

Subject:

CN=Kimahri Software inc., O=Kimahri Software inc., STREET=666 Sherbrooke Rue w, L=Montreal, S=Quebec, PostalCode=H3A 1E7, C=CA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A1BB8569950C0B2080A11A0E2F618B33

File PE Metadata

Compilation timestamp:

12/1/2013 4:23:48 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:unRTlnE54vO20HrNXwN9a9kgqrRsf413r5VpTBloiO2m:SRTlnE5OO20HhXwNako4FpTLkr

Entry address:

0x2C1E8

Entry point:

E8, 62, 88, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 50, 0D, 45, 00, E8, 02, 25, 00, 00, E8, 82, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, F5, 87, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 92, 55, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

249.5 KB (255,488 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to update.srvstatsdata.com (69.16.175.42:80)

http://update.srvstatsdata.com/installer_updates/000077/update.json

TCP (HTTP):

Connects to stats.srvstatsdata.com (176.32.99.41:80)

TCP (HTTP):

Connects to app-static.crossrider.com (69.16.175.10:80)

Remove plus-hd-1.2-enabler.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.