1_offer_4.exe

AcDc Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application 1_offer_4.exe by AcDc Project (BrightCircle Investments Limited) has been detected as adware by 24 anti-malware scanners. It is built using the Crossrider cross-browser extension platform; while the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory and is distributed as part of the BrightCircle group of browser extensions.
Publisher:

MD5:
c901a4eb48ed4d5551371be29eaff3c0

SHA-1:
3f46e2ce6b7ad651374d2f0d59a4b7641790e995

SHA-256:
8db78043f5b4c5ad3a025f555b6db69ef050d939a5bf0cc9afbdd09db48389bc

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer. Distributed through the BrightCircle Investments brand.

Analysis date:
4/24/2024 10:14:15 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.03.06 |
| Avira AntiVirus | Adware/CrossRid.bqyp | 7.11.214.38 |
| avast! | Win32:Crossrider-CB [PUP] | 2014.9-150306 |
| AVG | Generic | 2016.0.3179 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.1536 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.CrossRider.KI | 21309 |
| Dr.Web | Trojan.Crossrider1.6727 | 9.0.1.05190 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BS potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/S-bafd9975 | v6.4.7.1.166 |
| G Data | Win32.Application.Agent.F5ENRS | 15.3.25 |
| herdProtect (fuzzy) | | 2015.6.12.16 |
| K7 AntiVirus | Unwanted-Program | 13.200.15176 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 15.0.0.543 |
| Malwarebytes | | v2015.03.06.01 |
| McAfee | Trojan.Artemis!C901A4EB48ED | 16.8.708.2 |
| NANO AntiVirus | Trojan.Win32.Crossrider1.dmxxfp | 0.30.0.296 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.06.01 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Adware.BrightCircle | 15.3.6.1 |
| Sophos | PUA 'AppRider' (of type Adware) | 5.11 |
| Trend Micro House Call | TROJ_GEN.R00GC0OBI15 | 7.2.65 |
| Trend Micro | TROJ_GEN.R00GC0OBI15 | 10.465.06 |
| VIPRE Antivirus | Threat.4789396 | 37788 |

File size:
153 KB (156,640 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1_offer_4.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/1/2014 10:00:00 AM

Valid to:
12/2/2015 9:59:59 AM

Subject:
CN=AcDc Project (BrightCircle Investments Limited), O=AcDc Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BB5CB272841409598560E8776848BBF4

File PE Metadata
Compilation timestamp:
1/9/2015 3:07:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:GXsKkvPCmNELtynbP+TOmsavs1C8/ehoraNUX1giPL:GXCNj6Jvs1C8/ehoraNUXeiT

Entry address:
0x9399

Entry point:
E8, B8, 6A, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 34, 66, 32, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 51, 32, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 34, 66, 32, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00...
 

Code size:
106 KB (108,544 bytes)
