1ab14rn52.exe

Berta Dress Apps (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application 1ab14rn52.exe by Berta Dress Apps (Bright Circle Investments) has been detected as adware by 17 anti-malware scanners. It is built with the Crossrider cross-browser extension toolkit; while the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory. The file has been seen being downloaded from dl.newdatastatsserv.com. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
MD5:
1d0aff4ee999e04f5e3126e7dada9aad

SHA-1:
924e2eb830d1e7e55660a5b70c4c8677e77ae875

SHA-256:
367b0c37f88d3cbe0a791fcafb3cd4e6e8eee70f74f60380be2642c85191463e

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
4/25/2024 3:05:30 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.01.16
Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.201.150
AVG | Generic | 2016.0.3158
Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15327
ESET NOD32 | Win32/Toolbar.CrossRider.BS (variant) | 9.11023
Fortinet FortiGate | Riskware/CrossRider | 3/27/2015
herdProtect (fuzzy) | | 2015.7.2.3
K7 AntiVirus | Trojan | 13.191.14664
Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.2283
Malwarebytes | | v2015.03.27.08
McAfee | Artemis!1D0AFF4EE999 | 5600.6814
Panda Antivirus | Trj/Genetic.gen | 15.03.27.08
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | Adware.BrightCircle.BertaDressAppsBrightCircleInvestments | 15.3.27.8
Sophos | Generic PUA JC | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0114 | 7.2.86
VIPRE Antivirus | Crossrider | 36702

File size:
154.5 KB (158,176 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1ab14rn52.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 3:00:00 AM

Valid to:
12/17/2015 2:59:59 AM

Subject:
CN=Berta Dress Apps (Bright Circle Investments Ltd), O=Berta Dress Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009C113F566DE374D0EF1F22B0B717D3DC

File PE Metadata
Compilation timestamp:
1/14/2015 3:31:57 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:Uyo5fCZv58DLptUhAak5W+yxk1cvs1C8/ehoraNUXyTq5Xeo8:U5hVL1Wsyvs1C8/ehoraNUX7Ry

Entry address:
0x9724

Entry point:
E8, 2D, 6A, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 34, 66, 32, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 51, 32, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 34, 66, 32, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
Entropy:
6.4751

Code size:
107.5 KB (110,080 bytes)

The file 1ab14rn52.exe has been seen being distributed by the following URL.
