cirmuuz.exe

CinemaHd For Pro 2.4cV11.12

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install further unwanted software. The application cirmuuz.exe, "CinemaHd For Pro 2.4cV11.12 exe" by BadFinger Project (BrightCircle Investments Limited), has been detected as adware by 24 anti-malware scanners. It persists as a scheduled task in the Windows Task Scheduler, triggered to run each time a user logs on. It is built with the Crossrider cross-browser extension toolkit; although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It belongs to the BrightCircle group of web extensions that inject advertisements into the browser.

Publisher:
Cinema HDV11.12 (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
CinemaHd For Pro 2.4cV11.12

Description:
CinemaHd For Pro 2.4cV11.12 exe

Version:
1000.1000.1000.1000

MD5:
38c39d970c6b4a15f744e0b058fa6800

SHA-1:
c8aa3612c52bcbf9f40f2ed8739694ab70f573c7

SHA-256:
0e2d7aef44772a4d1e5787c9bcf0534b6abd64e6e2ce02308ac803f0fb2abf04

Scanner detections:
24 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/25/2024 4:35:02 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.Cv1@kux3pNgO | 6113794
Avira AntiVirus | ADWARE/CrossRider.Gen4 | 7.11.194.188
avast! | Win32:Adware-gen [Adw] | 2014.9-141219
AVG | Generic | 2015.0.3263
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141219
Bitdefender | Gen:Application.Heur.Cv1@kux3pNgO | 1.0.20.1725
Dr.Web | Trojan.Crossrider.46878 | 9.0.1.0353
Emsisoft Anti-Malware | Gen:Application.Heur.Cv1@kux3pNgO | 9.0.0.4668
ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Adware/Adwapper | 12/19/2014
F-Secure | Riskware.Gen:Application.Heur.Cv1@kux3pNgO | 5.13.68
G Data | Gen:Application.Heur.Cv1@kux3pNgO | 14.12.24
IKARUS anti.virus | Trojan.GoogUpdate | t3scan.1.8.5.0
K7 AntiVirus | Unwanted-Program | 13.186.14309
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.543
Malwarebytes | PUP.Optional.CinemaHDPro.A | v2014.12.11.09
McAfee | Trojan.Artemis!9DB3589F658C | 5600.6912
MicroWorld eScan | Gen:Application.Heur.Cv1@kO6!U9lO | 15.0.0.1059
NANO AntiVirus | Riskware.Win32.Crossrider.dkjfaz | 0.28.6.63850
Norman | Gen:Application.Heur.Cv1@kux3pNgO | 04.12.2014 14:30:06
Panda Antivirus | Generic Suspicious | 14.12.11.09
Qihoo 360 Security | Win32/Application.ed4 | 1.0.0.1015
Reason Heuristics | Adware.BrightCircle.Task.H | 14.12.11.20
Sophos | Generic PUA GI | 4.98

File size:
1.5 MB (1,523,680 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaHd For Pro 2.4cV11.12.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\cirmuuz.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/16/2014 7:00:00 PM

Valid to:
11/17/2015 6:59:59 PM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/11/2014 12:05:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:6NcjqUFp3u3nKidXKx5sfAyfUxm+JjMUJCyIybgyPldfpSJc8T1:6NcuUnin3dQsnfUmSj6yZdfpSJXT1

Entry address:
0xF1A0B

Entry point:
E8, 35, FE, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 68, FF, 00, 00, 3B, 30, 7C, 07, E8, 5F, FF, 00, 00, 8B, 30, E8, 52, FF, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, C9, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, E0, 6E, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 13, 2F, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, E0, 6E, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, CC, EB...

Entropy:
6.6214

Code size:
1.1 MB (1,155,584 bytes)

Scheduled Task
Task name:
3ed0176b-18dc-4837-b59b-5ce2d14dd1a6-4

Trigger:
Logon (Runs on logon)


Remove cirmuuz.exe - Powered by Reason Core Security