cinema-plus-1.2-nova.dll

Bright circle investments Ltd.

This adware uses the Crossrider extension platform to inject advertisements into the Internet browser and may modify core browser settings. Ads are delivered as banners and contextual text links and may promote other potentially unwanted software. The module cinema-plus-1.2-nova.dll by Bright circle investments has been detected as adware by 13 anti-malware scanners. The library is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Bright circle investments Ltd.  (signed and verified)

MD5:
da3517f3b9ec1585816f63079373d64c

SHA-1:
8c4acd967a6579ba94b3444c852395b6252e230b

SHA-256:
ca872c64b31525bad1ebf741e368dfc3de20df3573fe47aa62a3d1c9d5e7acad

Scanner detections:
13 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/24/2024 3:57:44 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.AdLoad | 7.1.1 |
| AVG | Generic | 2015.0.3350 |
| Baidu Antivirus | Adware.Win32.CrossRider | 4.0.3.14922 |
| ESET NOD32 | Win32/Toolbar.CrossRider.AI potentially unwanted application | 8.7.0.302.0 |
| G Data | Win32.Adware.Crossrider | 14.9.24 |
| herdProtect (fuzzy) | | 2014.11.16.1 |
| IKARUS anti.virus | AdWare.Win32.Crossrider | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CroRi | 15.0.0.494 |
| Qihoo 360 Security | Malware.QVM30.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Brightcircleinvestments.T | 14.9.15.20 |
| Sophos | AppRider | 4.98 |
| Vba32 AntiVirus | AdWare.AdLoad | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 32210 |

File size:
121.1 KB (123,960 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\cinema-plus-1.2\cinema-plus-1.2-nova.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/19/2014 9:00:00 PM

Valid to:
6/20/2015 8:59:59 PM

Subject:
CN=Bright circle investments Ltd., O=Bright circle investments Ltd., STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4347D0F2AD67F1767C932B3BFBEA7713

File PE Metadata
Compilation timestamp:
7/11/2014 7:03:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:JdwPoXhgMHbcEl0RzGyetRd1ierk9002uSG+8bc1/JsWjcdvZnydMwf6:JBeMQE2zdcd1Z0uG+8guvZnydMwf6

Entry address:
0x5F2C

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3A, 2C, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, E8, 8A, 01, 10, E8, E5, 14, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 4C, B2, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 60, 40, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
69.5 KB (71,168 bytes)
