» video mediaplayer-nova.exe
Overview
Analysis
File Details
Programs (1)
Network (7)

video mediaplayer-nova.exe

video MediaPlayer

Kimahri Software inc.

This adware uses the Crossrider platform to build and distribute this web browser advertising injection extension. Once installed in the browser it will hijack various browser settings (homepage, search) and may interfere and track behaviors as well as deliver ads. The application video mediaplayer-nova.exe, “video MediaPlayer exe” by Kimahri Software inc has been detected as adware by 15 anti-malware scanners. This file is typically installed with the program video MediaPlayer by Sailor Project which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

Publisher:

enter (signed by Kimahri Software inc.)

Product:

video MediaPlayer

Description:

video MediaPlayer exe

Version:

1000.1000.1000.1000

MD5:

dea9e6a31de25975981defd06c178813

SHA-1:

e55595cd17d5973ee542086931a3cda1251cca0d

SHA-256:

a5efbe7ef3335f23568c75f996137ae3d5f61365dbe5cb57eb959ef729dabe68

Scanner detections:

15 / 68

Status:

Adware

Explanation:

May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:

4/26/2024 10:26:09 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.AdLoad

7.1.1

Avira AntiVirus

Adware/CrossRider.A.10488

7.11.156.158

avast!

Win32:Adware-gen [Adw]

2014.9-140624

AVG

Generic_r

2015.0.3433

Baidu Antivirus

Adware.Win32.CrossRider

4.0.3.14624

ESET NOD32

Win32/Toolbar.CrossRider.AE (variant)

8.9970

Fortinet FortiGate

Riskware/Toolbar_CrossRider

6/24/2014

G Data

Win32.Application.Plush

14.6.24

Malwarebytes

PUP.Optional.VideoMediaPlayer.A

v2014.06.24.07

McAfee

Artemis!11C641E53E86

5600.7089

NANO AntiVirus

Riskware.Win32.AdLoad.dbdtmc

0.28.0.60253

Panda Antivirus

PUP/PlusHD

14.06.24.07

Qihoo 360 Security

Win32/Trojan.e1c

1.0.0.1015

Reason Heuristics

PUP.KimahriSoftwareinc.W

14.6.24.19

VIPRE Antivirus

Crossrider

30464

File size:

596.4 KB (610,664 bytes)

Product version:

1000.1000.1000.1000

Original file name:

video MediaPlayer.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\video mediaplayer\video mediaplayer-nova.exe

Digital Signature

Signed by:

Kimahri Software inc.

Authority:

COMODO CA Limited

Valid from:

3/6/2013 5:00:00 PM

Valid to:

3/6/2016 4:59:59 PM

Subject:

CN=Kimahri Software inc., O=Kimahri Software inc., STREET=666 Sherbrooke Rue w, L=Montreal, S=Quebec, PostalCode=H3A 1E7, C=CA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00A1BB8569950C0B2080A11A0E2F618B33

File PE Metadata

Compilation timestamp:

6/19/2014 2:21:57 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:WBatSe8oo7K6fGlWMeNhX8Pr8QfcMfPfFYEpTBWYxDmMX:Wat2oQ00X6rNFPN3TAwDnX

Entry address:

0x465B9

Entry point:

E8, 5F, DF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 98, C1, 47, 00, E8, E1, 4E, 00, 00, E8, 9D, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, F2, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 3B, 67, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

6.3270

Code size:

420.5 KB (430,592 bytes)

The file video mediaplayer-nova.exe has been discovered within the following program.

video MediaPlayer by Sailor Project

video MediaPlayer is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.

crossrider.com

83% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to ip-50-63-202-55.ip.secureserver.net (50.63.202.55:80)

TCP (HTTP):

Connects to ip-50-63-202-40.ip.secureserver.net (50.63.202.40:80)

TCP (HTTP):

Connects to ip-184-168-221-35.ip.secureserver.net (184.168.221.35:80)

TCP (HTTP):

Connects to ip-184-168-221-53.ip.secureserver.net (184.168.221.53:80)

TCP (HTTP):

Connects to s3-website-us-east-1.amazonaws.com (54.231.81.202:80)

TCP (HTTP):

Connects to ip-50-63-202-48.ip.secureserver.net (50.63.202.48:80)

Remove video mediaplayer-nova.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.