» plus-hd-1.7-bg.exe
Overview
Analysis
File Details

plus-hd-1.7-bg.exe

Plus-HD-1.7

Kimahri Software inc.

This adware uses the Crossrider platform to build and distribute this web browser advertising injection extension. Once installed in the browser it will hijack various browser settings (homepage, search) and may interfere and track behaviors as well as deliver ads. The application plus-hd-1.7-bg.exe by Kimahri Software inc has been detected as adware by 2 anti-malware scanners. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

plus-hd-1.7-bg.exe

Publisher:

Plus HD (signed by Kimahri Software inc.)

Product:

Plus-HD-1.7

Description:

Plus-HD-1.7 exe

Version:

1000.1000.1000.1000

MD5:

4cebb7d4d576f98fcbae348536935166

SHA-1:

f1f89030d7116c62a1a249409a3d37f25ef6c9b8

SHA-256:

f9d37eb9ec9a0aa6fdf5065c66368dccd403682ea9660726864477be81d4b2f0

Scanner detections:

2 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Kimahri Software inc..

Analysis date:

4/23/2024 6:26:42 PM UTC (today)

Scan engine

Detection

Engine version

herdProtect (fuzzy)

variant of object browser-bg.exe (Adware)

2014.1.26.0

Reason Heuristics

PUP.Crossrider.KimahriSoftwareinc.N

14.4.21.2

File size:

755.9 KB (773,992 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Plus-HD-1.7.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\plus-hd-1.7\plus-hd-1.7-bg.exe

Digital Signature

Signed by:

Kimahri Software inc.

Authority:

COMODO CA Limited

Valid from:

3/7/2013 1:00:00 AM

Valid to:

3/7/2016 12:59:59 AM

Subject:

CN=Kimahri Software inc., O=Kimahri Software inc., STREET=666 Sherbrooke Rue w, L=Montreal, S=Quebec, PostalCode=H3A 1E7, C=CA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A1BB8569950C0B2080A11A0E2F618B33

File PE Metadata

Compilation timestamp:

11/10/2013 11:08:57 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:icxMc355xZ5r84GX8vKrtsiv+OujSBZpTz5TH:icxMcJ5xZ5jUwjSZTRH

Entry address:

0x7097D

Entry point:

E8, F5, B3, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, 53, 4B, 00, E8, 6D, 01, 00, 00, E8, 7C, 0D, 00, 00, 0F, B7, F0, 6A, 02, E8, 88, B3, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 14, 0C, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

594 KB (608,256 bytes)

Remove plus-hd-1.7-bg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.