» 5304.exe
Overview
Analysis
File Details

5304.exe

Blondie Project (Bright Circle Investments Ltd)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application 5304.exe, “Com NotificationV03.03 exe” by Blondie Project (Bright Circle Investments) has been detected as adware by 21 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.

File name:

5304.exe

Publisher:

Com NotificationV03.03 (signed by Blondie Project (Bright Circle Investments Ltd))

Product:

Com NotificationV03.03

Description:

Com NotificationV03.03 exe

Version:

1000.1000.1000.1000

MD5:

b9649927c40f48412dd9ce69b37d8326

SHA-1:

93e98fda24e677f1f0633da5816a39b9778e7568

SHA-256:

b7c98e67f7e9d220a09d4686b29386710fa204919098361eedd5d9b80938152d

Scanner detections:

21 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:

4/16/2024 8:44:12 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.171733

701

AhnLab V3 Security

PUP/Win32.CrossRider

2015.03.06

Avira AntiVirus

ADWARE/CrossRider.Gen4

7.11.214.42

avast!

Win32:Adware-gen [Adw]

150129-1

AVG

Generic

2016.0.3179

Baidu Antivirus

Adware.Win32.CrossAd

4.0.3.1536

Bitdefender

Gen:Variant.Adware.Graftor.171733

1.0.20.325

Dr.Web

Trojan.Crossrider1.21678

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.171733

8.15.03.06.03

ESET NOD32

Win32/Toolbar.CrossRider.BM potentially unwanted application

7.0.302.0

F-Secure

Gen:Variant.Adware.Graftor

11.2015-06-03_6

G Data

Gen:Variant.Adware.Graftor.171733

15.3.25

herdProtect (fuzzy)

variant of 5524.exe (Adware)

2015.6.12.18

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.8.6.0

Malwarebytes

PUP.Optional.SystemNotifier.A

v2015.06.12.06

MicroWorld eScan

Gen:Variant.Adware.Graftor.171733

16.0.0.195

Panda Antivirus

Trj/Genetic.gen

15.03.06.04

Quick Heal

PUA.BrightCircle.OD6

3.15.14.00

Reason Heuristics

Adware.BrightCircle.BlondieProjectBrightCircleInvestments

15.3.6.4

Sophos

Generic PUA OA

4.98

VIPRE Antivirus

Threat.4789396

38050

File size:

1.1 MB (1,203,672 bytes)

Product version:

1000.1000.1000.1000

Original file name:

Com NotificationV03.03.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\5304.exe

Digital Signature

Signed by:

Blondie Project (Bright Circle Investments Ltd)

Authority:

COMODO CA Limited

Valid from:

12/15/2014 4:00:00 PM

Valid to:

12/16/2015 3:59:59 PM

Subject:

CN=Blondie Project (Bright Circle Investments Ltd), O=Blondie Project (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0903CC287C7EEA81D3C21DBB234D320C

File PE Metadata

Compilation timestamp:

3/2/2015 9:05:30 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:qqFLSSxra2SZIcSDLZtMy6SWB9fhQLTjpSnxcJbIKqAKUE:7LvBSZveLAVfhmTjpSnx0bIKvKUE

Entry address:

0x95AAD

Entry point:

E8, B9, FE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, B9, 50, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 81, 50, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, B9, 50, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8... 
[+]

Entropy:

6.4586

Code size:

754.5 KB (772,608 bytes)

Remove 5304.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.