home

1618.exe

Cinema Video 1.8V27.02

Blondie Project (Bright Circle Investments Ltd)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application 1618.exe, “Cinema Video 1.8V27.02 exe” by Blondie Project (Bright Circle Investments) has been detected as adware by 28 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Cinema VideoV27.02  (signed by Blondie Project (Bright Circle Investments Ltd))

Product:
Cinema Video 1.8V27.02

Description:
Cinema Video 1.8V27.02 exe

Version:
1000.1000.1000.1000

MD5:
4c4e3701462298477b69f42b12362c14

SHA-1:
903ee082e72a8f2fe3ecabae93efa7c2c48cca6f

SHA-256:
152d231a6136d8bd99b2806e333f39762a218f1c5b3ffc62360ba63864273ece

Scanner detections:
28 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/25/2024 8:13:42 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.171733
700

Agnitum Outpost
PUA.Toolbar.CrossRider
7.1.1

AhnLab V3 Security
PUP/Win32.CrossRider
2015.03.03

Avira AntiVirus
ADWARE/CrossRider.Gen4
7.11.213.54

avast!
Win32:PUP-gen [PUP]
2014.9-150307

AVG
Generic
2016.0.3178

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.1537

Bitdefender
Gen:Variant.Adware.Graftor.171733
1.0.20.330

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Graftor-804
0.98/21511

Dr.Web
Trojan.Crossrider1.20807
9.0.1.066

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.171733
8.15.03.07.02

ESET NOD32
Win32/Toolbar.CrossRider.BM potentially unwanted (variant)
9.11259

F-Secure
Gen:Variant.Adware.Graftor
11.2015-07-03_7

G Data
Gen:Variant.Adware.Graftor.171733
15.3.25

herdProtect (fuzzy)
variant of 379bd27e-8b0e-48b7-a28d-b6de3b34ebf3-10.exe (Adware)
2015.6.13.15

K7 AntiVirus
Trojan
13.204.15935

Malwarebytes
PUP.Optional.iCinema.A
v2015.03.07.02

McAfee
Artemis!4C4E37014622
5600.6834

MicroWorld eScan
Gen:Variant.Adware.Graftor.171733
16.0.0.198

Panda Antivirus
Trj/Genetic.gen
15.03.07.02

Qihoo 360 Security
Win32/Virus.Adware.de5
1.0.0.1015

Quick Heal
PUA.BrightCircle.OD6
3.15.14.00

Reason Heuristics
Adware.BrightCircle.BlondieProjectBrightCircleInvestments
15.3.7.2

Sophos
Generic PUA JA
4.98

Trend Micro House Call
TROJ_GEN.F0C2C00CF15
7.2.164

VIPRE Antivirus
Crossrider
38068

Zillya! Antivirus
Trojan.Black.Win32.26039
2.0.0.2179

File size:
1.4 MB (1,458,648 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Cinema Video 1.8V27.02.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\1618.exe

Digital Signature
Signed by:
Blondie Project (Bright Circle Investments Ltd)

Authority:
COMODO CA Limited

Valid from:
12/16/2014 2:00:00 AM

Valid to:
12/17/2015 1:59:59 AM

Subject:
CN=Blondie Project (Bright Circle Investments Ltd), O=Blondie Project (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0903CC287C7EEA81D3C21DBB234D320C

File PE Metadata
Compilation timestamp:
2/27/2015 1:05:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:NQb/D119q2iWuZBTxJQp1UMR0f3KHhZt6xtYaGiuqWy+pVx9ZFhtIsQUY8gk3rfJ:N8Myp+fAgYaGiuqWy+pVx9ZFhtIsQUYC

Entry address:
0xBFBED

Entry point:
E8, 53, FE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 79, 54, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 41, 54, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 79, 54, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...
 
[+]

Code size:
949 KB (971,776 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-50-63-202-51.ip.secureserver.net  (50.63.202.51:80)

TCP (HTTP):
Connects to ec2-107-22-213-25.compute-1.amazonaws.com  (107.22.213.25:80)

TCP (HTTP):
Connects to ec2-50-17-189-123.compute-1.amazonaws.com  (50.17.189.123:80)

TCP (HTTP):
Connects to 61-90-189-24.static.asianet.co.th  (61.90.189.24:80)

TCP (HTTP):
Connects to ip-50-63-202-62.ip.secureserver.net  (50.63.202.62:80)

TCP (HTTP):
Connects to ec2-50-16-231-217.compute-1.amazonaws.com  (50.16.231.217:80)

TCP (HTTP):
Connects to TIG-Net17-24.trueintergateway.com  (27.123.17.24:80)

TCP (HTTP):
Connects to 61-91-17-173.static.asianet.co.th  (61.91.17.173:80)

TCP (HTTP):
Connects to 61-91-16-39.static.asianet.co.th  (61.91.16.39:80)

TCP (HTTP):
Connects to 61-90-189-123.static.asianet.co.th  (61.90.189.123:80)

TCP (HTTP):
Connects to 61-90-179-104.static.asianet.co.th  (61.90.179.104:80)

TCP (HTTP):
Connects to TIG-Net17-99.trueintergateway.com  (27.123.17.99:80)

TCP (HTTP):
Connects to TIG-Net17-42.trueintergateway.com  (27.123.17.42:80)

TCP (HTTP):
Connects to TIG-Net17-38.trueintergateway.com  (27.123.17.38:80)

TCP (HTTP):
Connects to TIG-Net17-35.trueintergateway.com  (27.123.17.35:80)

TCP (HTTP):
Connects to TIG-Net17-26.trueintergateway.com  (27.123.17.26:80)

TCP (HTTP):
Connects to TIG-Net17-20.trueintergateway.com  (27.123.17.20:80)

TCP (HTTP):
Connects to TIG-Net17-121.trueintergateway.com  (27.123.17.121:80)

TCP (HTTP):
Connects to ec2-107-21-245-181.compute-1.amazonaws.com  (107.21.245.181:80)

TCP (HTTP):
Connects to 61-91-19-251.static.asianet.co.th  (61.91.19.251:80)

Remove 1618.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.