video mediaplayer-nova.exe

video MediaPlayer

Kimahri Software inc.

This adware is built and distributed with the Crossrider platform as an advertising-injection extension for web browsers. Once installed in the browser, it will hijack various browser settings (homepage, search) and may interfere with and track browsing behavior as well as deliver ads. The application video mediaplayer-nova.exe, “video MediaPlayer exe” by Kimahri Software inc, has been detected as adware by 18 anti-malware scanners. This file is typically installed with the program video MediaPlayer by Sailor Project, which is a potentially unwanted software program. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
enter  (signed by Kimahri Software inc.)

Product:
video MediaPlayer

Description:
video MediaPlayer exe

Version:
1000.1000.1000.1000

MD5:
dea9e6a31de25975981defd06c178813

SHA-1:
e55595cd17d5973ee542086931a3cda1251cca0d

SHA-256:
a5efbe7ef3335f23568c75f996137ae3d5f61365dbe5cb57eb959ef729dabe68

Scanner detections:
18 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
11/24/2017 11:41:31 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.AdLoad | 7.1.1 |
| Avira AntiVirus | Adware/CrossRider.A.10488 | 7.11.156.158 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-140624 |
| AVG | Generic_r | 2015.0.3433 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14624 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AE (variant) | 8.9970 |
| Fortinet FortiGate | Riskware/Toolbar_CrossRider | 6/24/2014 |
| G Data | Win32.Application.Plush | 14.6.24 |
| Jiangmin | Adware/Adload.aym | KV140624 |
| Kingsoft AntiVirus | Win32.Troj.Generic.a.(kcloud) | 331020.49267 |
| Malwarebytes | PUP.Optional.VideoMediaPlayer.A | v2014.06.24.07 |
| McAfee | Artemis!11C641E53E86 | 5600.7089 |
| McAfee Web Gateway | Artemis!11C641E53E86 | 7.7089 |
| NANO AntiVirus | Riskware.Win32.AdLoad.dbdtmc | 0.28.0.60253 |
| Panda Antivirus | PUP/PlusHD | 14.06.24.07 |
| Qihoo 360 Security | Win32/Trojan.e1c | 1.0.0.1015 |
| Reason Heuristics | PUP.KimahriSoftwareinc.W | 14.6.24.19 |
| VIPRE Antivirus | Crossrider | 30464 |

File size:
596.4 KB (610,664 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
video MediaPlayer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\video mediaplayer\video mediaplayer-nova.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/6/2013 5:00:00 PM

Valid to:
3/6/2016 4:59:59 PM

Subject:
CN=Kimahri Software inc., O=Kimahri Software inc., STREET=666 Sherbrooke Rue w, L=Montreal, S=Quebec, PostalCode=H3A 1E7, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A1BB8569950C0B2080A11A0E2F618B33

File PE Metadata
Compilation timestamp:
6/19/2014 2:21:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:WBatSe8oo7K6fGlWMeNhX8Pr8QfcMfPfFYEpTBWYxDmMX:Wat2oQ00X6rNFPN3TAwDnX

Entry address:
0x465B9

Entry point:
E8, 5F, DF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 98, C1, 47, 00, E8, E1, 4E, 00, 00, E8, 9D, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, F2, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 3B, 67, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.3270

Code size:
420.5 KB (430,592 bytes)

The file video mediaplayer-nova.exe has been discovered within the following program.

video MediaPlayer  by Sailor Project
video MediaPlayer is an adware web browser application that displays banner ads as well as contextual link ads that are injected in the web page.
crossrider.com
83% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-50-63-202-55.ip.secureserver.net  (50.63.202.55:80)

TCP (HTTP):
Connects to ip-50-63-202-40.ip.secureserver.net  (50.63.202.40:80)

TCP (HTTP):
Connects to ip-184-168-221-35.ip.secureserver.net  (184.168.221.35:80)

TCP (HTTP):
Connects to ip-184-168-221-53.ip.secureserver.net  (184.168.221.53:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.81.202:80)

TCP (HTTP):
Connects to ip-50-63-202-48.ip.secureserver.net  (50.63.202.48:80)
