» plushd-v1.9-nova.exe
Overview
Analysis
File Details
Behaviors (1)
Network (19)

plushd-v1.9-nova.exe

PlusHD-V1.9

Bright circle investments Ltd.

This adware utilizes the Crossrider extension platform and will inject advertisiments in the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The application plushd-v1.9-nova.exe by Bright circle investments has been detected as adware by 17 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. While running, it connects to the Internet address ip-50-63-202-55.ip.secureserver.net on port 80 using the HTTP protocol. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

Publisher:

PlusHDv1.9 (signed by Bright circle investments Ltd.)

Product:

PlusHD-V1.9

Description:

PlusHD-V1.9 exe

Version:

1000.1000.1000.1000

MD5:

31531edf2488994e240e5d26a8db2588

SHA-1:

64251de33b8b8cece3f4e296b03d6dddc9587951

SHA-256:

540be3d807e223d79a2f503d1adab0e187cb3549437cc668e58f8706d50d65be

Scanner detections:

17 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:

4/24/2024 9:57:20 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Graftor.145947

949

Agnitum Outpost

PUA.Toolbar.CrossRider

7.1.1

AhnLab V3 Security

PUP/Win32.Toolbar

2014.07.05

Avira AntiVirus

Adware/CrossRider.A.15107

7.11.158.148

AVG

Adware Generic_r

2015.0.3366

Bitdefender

Gen:Variant.Graftor.145947

1.0.20.910

Comodo Security

ApplicUnwnt

18771

Emsisoft Anti-Malware

Gen:Variant.Graftor.145947

8.14.07.01.04

ESET NOD32

Win32/Toolbar.CrossRider.AE potentially unwanted application

8.7.0.302.0

G Data

Gen:Variant.Graftor.145947

14.7.24

herdProtect (fuzzy)

variant of video mediaplayer-nova.exe (Adware)

2014.8.31.8

McAfee

Artemis!E23D26ECF20D

5600.7022

MicroWorld eScan

Gen:Variant.Graftor.145947

15.0.0.546

NANO AntiVirus

Riskware.Win32.AdLoad.dbswkd

0.28.0.60577

Panda Antivirus

Trj/Genetic.gen

14.07.01.04

Reason Heuristics

PUP.Task.Brightcircleinvestments.P

14.7.17.9

VIPRE Antivirus

Threat.4789396

31208

File size:

598.1 KB (612,408 bytes)

Product version:

1000.1000.1000.1000

Original file name:

PlusHD-V1.9.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\plushd-v1.9\plushd-v1.9-nova.exe

Digital Signature

Signed by:

Bright circle investments Ltd.

Authority:

COMODO CA Limited

Valid from:

6/20/2014 3:00:00 AM

Valid to:

6/21/2015 2:59:59 AM

Subject:

CN=Bright circle investments Ltd., O=Bright circle investments Ltd., STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

4347D0F2AD67F1767C932B3BFBEA7713

File PE Metadata

Compilation timestamp:

6/27/2014 1:04:52 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:OKARyle2S+kESEdGynP+ftw7dpTkmUIz1Kq:z8ylXf9jHTRUe1P

Entry address:

0x46F99

Entry point:

E8, 57, DF, 00, 00, E9, 03, 00, 00, 00, CC, CC, CC, 6A, 14, 68, D8, D2, 47, 00, E8, DE, 4E, 00, 00, E8, 9A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, E7, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 9A, 67, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00... 
[+]

Entropy:

6.3265

Code size:

425 KB (435,200 bytes)

Scheduled Task

Task name:

e29193b0-b61f-4d86-ada8-6277dd849368-7

Trigger:

Logon (Runs on logon)

Action:

plushd-v1.9-nova.exe \bwwze='plushd-v1.9' \qhwatmw=59570 \scxets='00172

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ip-50-63-202-56.ip.secureserver.net (50.63.202.56:80)

TCP (HTTP):

Connects to ip-50-63-202-55.ip.secureserver.net (50.63.202.55:80)

TCP (HTTP):

Connects to hwcdn.net (69.16.175.42:80)

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (52.216.225.226:80)

Remove plushd-v1.9-nova.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.