bc0984c1-8e25-435a-b8d0-c3b09e82d38e-6.exe

Cinema-Plus-1.2

Evangelion Group

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and delivers advertisements to the web browser in various formats such as banners, text hyperlinks, inline text and transitional ads. The application bc0984c1-8e25-435a-b8d0-c3b09e82d38e-6.exe, “Cinema-Plus-1.2 exe” by Evangelion Group, has been detected as adware by 20 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension platform; while the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Cinema Plus (signed by Evangelion Group)

Product:
Cinema-Plus-1.2

Description:
Cinema-Plus-1.2 exe

Version:
1000.1000.1000.1000

MD5:
755537595fd7d52734428aa79cf3453c

SHA-1:
5172002763ff483333612789f2006cb30de3dbe0

SHA-256:
e48f5d1465f2ef2adc865689b27f14c6c9b7d7f8cc6353a5f85cc4d81c1f9213

Scanner detections:
20 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/19/2024 1:51:35 PM UTC

Scan engine          | Detection                                                    | Engine version
Agnitum Outpost      | PUA.Toolbar.CrossRider                                       | 7.1.1
AhnLab V3 Security   | Win-PUP/CrossRider                                           | 2014.10.31
Avira AntiVirus      | ADWARE/CrossRider.Gen2                                       | 7.11.182.78
avast!               | Win32:Crossrider-AI [PUP]                                    | 141025-0
AVG                  | Generic                                                      | 2015.0.3306
Dr.Web               | Trojan.Crossrider.27602                                      | 9.0.1.05190
ESET NOD32           | Win32/Toolbar.CrossRider.AE potentially unwanted application | 7.0.302.0
F-Prot               | W32/A-04c00d5a                                               | v6.4.7.1.166
G Data               | Win32.Adware.Crossrider                                      | 14.10.24
K7 AntiVirus         | Unwanted-Program                                             | 13.185.13853
Kaspersky            | Trojan.NSIS.GoogUpdate                                       | 15.0.0.494
Malwarebytes         | PUP.Optional.CinemaPlus.A                                    | v2014.10.30.11
NANO AntiVirus       | Trojan.Win32.Crossrider.ddyfoy                               | 0.28.6.62995
nProtect             | Trojan/W32.Agent.624496                                      | 14.10.30.01
Qihoo 360 Security   | Win32/Trojan.e1c                                             | 1.0.0.1015
Reason Heuristics    | PUP.Crossrider.Task.g                                        | 14.12.22.11
Sophos               | AppRider                                                     | 4.98
Vba32 AntiVirus      | Trojan.GoogUpdate                                            | 3.12.26.3
VIPRE Antivirus      | Threat.4789396                                               | 34232
Zillya! Antivirus    | Trojan.GoogUpdate.Win32.183                                  | 2.0.0.1972

File size:
609.9 KB (624,496 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Cinema-Plus-1.2.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cinema-plus-1.2\bc0984c1-8e25-435a-b8d0-c3b09e82d38e-6.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/28/2014 1:00:00 AM

Valid to:
7/29/2015 12:59:59 AM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata
Compilation timestamp:
8/3/2014 11:16:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:kpONzUHxDrtW1Aqm7nLcaeWArI4OlVCpTbI8GdqyPTjC:CIURFXsnZXOlV+T8BBPT+

Entry address:
0x483AC

Entry point:
E8, 0C, E0, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 10, F5, 47, 00, E8, DE, 4E, 00, 00, E8, 9A, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, 9F, DF, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 9A, 67, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
6.3509

Code size:
432.5 KB (442,880 bytes)

Scheduled Task
Task name:
bc0984c1-8e25-435a-b8d0-c3b09e82d38e-6

Trigger:
Logon (Runs on logon)
Remove bc0984c1-8e25-435a-b8d0-c3b09e82d38e-6.exe - Powered by Reason Core Security