8startbutton_v2.6.2_final(malestom).exe

Berta Brid Eco

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application 8startbutton_v2.6.2_final(malestom).exe by Berta Brid Eco has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. It is distributed as part of the Brightcircle group of browser extensions.

Publisher:
Berta Brid Eco  (signed and verified)

MD5:
4ab1176fcdfbcd7ddcd217b9d7a6dfd6

SHA-1:
67280dfa1586b8a1e6c4b9fe09ea4620dbcdc78e

SHA-256:
c629278b2ff342c928d6fff3745893182883b1ca380a0d1347a12a48920dbf8f

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer. Distributed through the Brightcircle investments brand.

Analysis date:
4/19/2024 4:34:44 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/CoolMirage.Gen | 7.11.167.130
G Data | NSIS.Application.OneClickDownloader | 14.8.24
Malwarebytes | PUP.Optional.OneClickDownloader.A | v2014.08.15.06
Qihoo 360 Security | Win32/Virus.Adware.47b | 1.0.0.1015
Reason Heuristics | PUP.BertaBridEco.b | 14.8.25.1
Trend Micro House Call | Suspicious_GEN.F47V0815 | 7.2.227

File size:
362.3 KB (371,008 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/14/2014 1:00:00 AM

Valid to:
8/15/2015 12:59:59 AM

Subject:
CN=Berta Brid Eco, O=Berta Brid Eco, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EF48FE90F98CEC7AF0FDEECC0B376D44

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:isA7KTvZZ4fAH+2yTUPpTqr9jdvSVfeZZhFTVWXOCXC9dfBjQzvv:+KTvZLyT9r9pvEfOZhNVW+CS9Ezv

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file 8startbutton_v2.6.2_final(malestom).exe has been seen being distributed by the following 40 URLs.


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-176-34-177-58.eu-west-1.compute.amazonaws.com  (176.34.177.58:80)
