plus-hd-9.3-enabler.exe

Plus-HD-9.3

Plus HD

The application plus-hd-9.3-enabler.exe has been detected as adware by 5 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered each time a user logs in. Built on the Crossrider browser extension platform, the Enabler module is designed to manage integration with the user's web browser and to install and manage the plugin for Chrome, IE and Firefox. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using HTTP.
Publisher:
Plus HD

Product:
Plus-HD-9.3

Description:
Plus-HD-9.3 exe

Version:
1000.1000.1000.1000

MD5:
7652e423836287f6d268a8e7d95d0cd6

SHA-1:
25a6dee7d8a208d06f5b54cc414e59cf4d06bfe4

SHA-256:
aaa476841c0caad5e56fb4700c4c12801ad4b35eeb7ccbc30443832c81324a47

Scanner detections:
5 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
3/16/2014 9:05:52 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.1452
ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.9520
herdProtect (fuzzy) | | 2014.5.2.2
Reason Heuristics | PUP.Crossrider.PlusHD.S | 14.3.16.17
VIPRE Antivirus | Crossrider | 27252

File size:
402.5 KB (412,160 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Plus-HD-9.3.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\plus-hd-9.3\plus-hd-9.3-enabler.exe

File PE Metadata
Compilation timestamp:
3/5/2014 2:06:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:W0JDC7SXRCv1lOaGuG0WxzLFFsuZWHAt/qckDBh8NOJ+QK3pTBPXReYa9V:pVC7SXoNUumxzRGusg6BiNOJwpTFXRu

Entry address:
0x372A8

Entry point:
E8, 94, 99, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D8, 13, 46, 00, E8, 52, 25, 00, 00, E8, D2, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 27, 99, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, E4, 55, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4415

Code size:
306 KB (313,344 bytes)

Scheduled Task
Task name:
Plus-HD-9.3-enabler

Trigger:
Logon (Runs on logon)

Action:
plus-hd-9.3-enabler.exe \enablebho \agentregpath='plus-hd-9.3' \appid=5309


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/000621/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)

There are 2 known versions of plus-hd-9.3-enabler.exe by Plus HD.

8 / 68      (Adware)
plus-hd-9.3-enabler.exe  1000.1000.1000.1000  (ac1ea51c43e5220f9ceb72b0eeeaa7d916b96544)

9 / 68      (Adware)
plus-hd-9.3-enabler.exe  1000.1000.1000.1000  (c2a1fb4e378ca40fca759c0d1092dda0e3efbdf9)

The following file closely matches plus-hd-9.3-enabler.exe based on a fuzzy CTPH.

4 / 68      (Adware)
plus-hd-9.1-enabler.exe (Plus-HD-9.1 by Plus HD)  [99% match]  (2529a145d2c293dcd03c0e05de00599bd074e20b)

12 / 68    (Adware)
plus-hd-9.3-bho.dll  (902b13aceaf787d9f7fb5d8b28266419b50748b6)

15 / 68    (Adware)
plus-hd-9.3-bg.exe  (f6b7592d91c3ab1ee86fac8f361f9b263ebdde71)

5 / 68      (Adware)
plus-hd-9.3-chromeinstaller.exe  (f1a02963fccf46817228244c5e54fbec995143ef)

5 / 68      (Adware)
plus-hd-9.3-codedownloader.exe  (7a0823d1c20f7677195dbf662026734fbc522805)

5 / 68      (Adware)
plus-hd-9.3-firefoxinstaller.exe  (1ed0f3047f5d3bc7a567c0c08eb3402b8c73cbba)

13 / 68    (Adware)
plus-hd-9.3-updater.exe  (a0e38e9b8450599f993783a1ea503cf670a04fd0)

2 / 68      (Adware)
plus-hd-9.3-bho64.dll  (dfc2afb50b14bc8ea266cd3e8a63df478ad80f40)

10 / 68    (Adware)
ae1c3042-3388-45b9-b3c5-7de311620ae3-3.exe  (5cdf945777ef0cd6e6b566dacd2709fdcf64299b)

10 / 68    (Adware)
ae1c3042-3388-45b9-b3c5-7de311620ae3-4.exe  (9dd5f081d77bc424c50b346c27a84f3b1eff9e59)

9 / 68      (Adware)
ae1c3042-3388-45b9-b3c5-7de311620ae3-5.exe  (1d560cb36775e0743382b33220c74426a935de69)

8 / 68      (Adware)
ef994b1f-9c4c-4aed-be86-188dbaff8008-2.exe  (fd8449d7468c92ebb70b9db57178b0b817eb374f)

8 / 68      (Adware)
ef994b1f-9c4c-4aed-be86-188dbaff8008-3.exe  (dc40478dfd8e76b555bce1c0d72fb94bca8389d0)

9 / 68      (Adware)
ef994b1f-9c4c-4aed-be86-188dbaff8008-4.exe  (286524797b7d4f271081525b59c95fe00a3b04ea)

8 / 68      (Adware)
ef994b1f-9c4c-4aed-be86-188dbaff8008-5.exe  (099c88d4f0940cf0ff92cd3d07ff9a825f79ceb0)
