home

b75fa0cd-d93e-4170-80fd-b51c6806134e-2.exe

Cinema-Plus-1.2

Bright circle investments Ltd.

This adware utilizes the Crossrider extension platform and will inject advertisiments in the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The application b75fa0cd-d93e-4170-80fd-b51c6806134e-2.exe, “Cinema-Plus-1.2 exe” by Bright circle investments has been detected as adware by 14 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Cinema Plus  (signed by Bright circle investments Ltd.)

Product:
Cinema-Plus-1.2

Description:
Cinema-Plus-1.2 exe

Version:
1000.1000.1000.1000

MD5:
1eec0852a98f44b67241e5e1df76bed2

SHA-1:
2a938c6de87ccfec060fa91d8b33f9b4afa9c030

SHA-256:
3ae39409a236852e03ae02156a39df6c369218b7c5d40eef8b303c65180956e3

Scanner detections:
14 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/19/2024 3:45:31 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/CrossRider.Gen2
7.11.175.18

AVG
Generic
2015.0.3335

Baidu Antivirus
Adware.Win32.CrossRider
4.0.3.14101

ESET NOD32
Win32/Toolbar.CrossRider.AJ potentially unwanted application
8.7.0.302.0

F-Prot
W32/S-9ad4719b
v6.4.7.1.166

G Data
Win32.Adware.Crossrider
14.10.24

Malwarebytes
PUP.Optional.GeForce.A
v2014.10.01.12

NANO AntiVirus
Riskware.Win32.AdLoad.dcciww
0.28.2.62286

Panda Antivirus
Trj/Genetic.gen
14.10.01.12

Reason Heuristics
PUP.Crossrider.Task.g
14.12.22.11

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.14929

Sophos
AppRider
4.98

VIPRE Antivirus
Threat.4789396
32938

Zillya! Antivirus
Adware.AdLoad.Win32.178
2.0.0.1936

File size:
396.6 KB (406,072 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Cinema-Plus-1.2.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinema-plus-1.2\b75fa0cd-d93e-4170-80fd-b51c6806134e-2.exe

Digital Signature
Signed by:
Bright circle investments Ltd.

Authority:
COMODO CA Limited

Valid from:
6/19/2014 5:00:00 PM

Valid to:
6/20/2015 4:59:59 PM

Subject:
CN=Bright circle investments Ltd., O=Bright circle investments Ltd., STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4347D0F2AD67F1767C932B3BFBEA7713

File PE Metadata
Compilation timestamp:
7/8/2014 3:05:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:J0v6TsqE853e6/CzNp43DgA8uw88JNH07hrm1pTBcyDiUC:J0v6gqEIO6//I7jJNH09m1pT+l

Entry address:
0x31C21

Entry point:
E8, 7E, 8F, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, F4, 45, 00, E8, 09, 25, 00, 00, E8, 89, 16, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, B7, 62, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
6.4446

Code size:
306 KB (313,344 bytes)

Scheduled Task
Task name:
b75fa0cd-d93e-4170-80fd-b51c6806134e-2

Trigger:
Logon (Runs on logon)

Action:
b75fa0cd-d93e-4170-80fd-b51c6806134e-2.exe \lckyhb \vlgsyftgf='cinema-plus-1.2' \gonamrscr=60


Remove b75fa0cd-d93e-4170-80fd-b51c6806134e-2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.