plus-hd-9.3-firefoxinstaller.exe

Plus-HD-9.3

Plus HD

The application plus-hd-9.3-firefoxinstaller.exe has been detected as adware by 5 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. The Firefox Installer is part of the Crossrider toolbar platform and is designed to install the Crossrider plugin within Mozilla Firefox. It will also manage the Firefox SQLite connectivity. While running, it connects to the Internet address stats.srvstatsdata.com on port 80 using the HTTP protocol.
Publisher:
Plus HD

Product:
Plus-HD-9.3

Description:
Plus-HD-9.3 exe

Version:
1000.1000.1000.1000

MD5:
9357b22ebc9b0b51d88cc05c05df3c8e

SHA-1:
1ed0f3047f5d3bc7a567c0c08eb3402b8c73cbba

SHA-256:
c5b1dcd194a44145ffc6b20b02101d8a605752c405ab8f25ab9fe344c6301993

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Part of the Crossrider toolbar platform. It will download and install the extension for Firefox.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
4/27/2024 12:22:37 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14316
ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 8.9520
Reason Heuristics | PUP.Crossrider.PlusHD.BB | 14.3.16.17
VIPRE Antivirus | Crossrider | 27252

File size:
941.5 KB (964,096 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Plus-HD-9.3.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\plus-hd-9.3\plus-hd-9.3-firefoxinstaller.exe

File PE Metadata
Compilation timestamp:
3/5/2014 2:06:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:eovA0SUH4OnhwNFxM5h5iT7hHpnCVrMXS4mpNT4n1:rNC25udHIVrMXlmpNT41

Entry address:
0x9E750

Entry point:
E8, 82, EF, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE...

Entropy:
6.5387

Code size:
767 KB (785,408 bytes)

Scheduled Task
Task name:
Plus-HD-9.3-firefoxinstaller

Trigger:
Logon (Runs on logon)

Action:
plus-hd-9.3-firefoxinstaller.exe \installxpi \agentregpath='plus-hd-9.3' \extension


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to update.srvstatsdata.com  (69.16.175.42:80)

 
http://update.srvstatsdata.com/installer_updates/000621/update.json

TCP (HTTP):
Connects to stats.srvstatsdata.com  (176.32.99.41:80)

TCP (HTTP):
Connects to app-static.crossrider.com  (69.16.175.10:80)
