dcwcjtf.exe

SuperPlusRadio v2.1V03.03

Blondie Project (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application dcwcjtf.exe, “SuperPlusRadio v2.1V03.03 exe” by Blondie Project (Bright Circle Investments), has been detected as adware by 22 anti-malware scanners. It runs as a scheduled task named DCWCJTF under the Windows Task Scheduler, triggered to execute each time a user logs in. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.

Publisher:
RadioCanyonv2V03.03  (signed by Blondie Project (Bright Circle Investments Ltd))

Product:
SuperPlusRadio v2.1V03.03

Description:
SuperPlusRadio v2.1V03.03 exe

Version:
1000.1000.1000.1000

MD5:
b36b0a802446033be176a779d72a4237

SHA-1:
8fbf2890a107e1ce15b8f78bbc04433bb24ce202

SHA-256:
73acbf9adb2fe2a41c105a90ff6a0ba805ad3201ecc57823d487844a61a603da

Scanner detections:
22 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/26/2024 3:33:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.uv1@mW32lLgO | 701 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.03.06 |
| Avira AntiVirus | ADWARE/CrossRider.Gen7 | 7.11.215.110 |
| avast! | Win32:Malware-gen | 150129-1 |
| AVG | Generic | 2016.0.3179 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.1536 |
| Bitdefender | Gen:Application.Heur.uv1@mW32lLgO | 1.0.20.325 |
| Emsisoft Anti-Malware | Gen:Application.Heur.uv1@mW32lLgO | 8.15.03.06.05 |
| ESET NOD32 | Win32/Toolbar.CrossRider.CB potentially unwanted application | 9.7.0.302.0 |
| F-Secure | Riskware.Gen:Application.Heur.uv1@mW32lLgO | 11.2015-06-03_6 |
| G Data | Gen:Application.Heur.uv1@mSz8H!lO | 15.3.25 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 15.0.0.543 |
| Malwarebytes | PUP.Optional.ShopUp.A | v2015.03.06.05 |
| MicroWorld eScan | Gen:Application.Heur.uv1@mW32lLgO | 16.0.0.195 |
| Norman | Gen:Application.Heur.uv1@kW32lLgO | 11.20150306 |
| Panda Antivirus | Trj/Genetic.gen | 15.03.06.05 |
| Qihoo 360 Security | Win32/Application.3e5 | 1.0.0.1015 |
| Quick Heal | PUA.BrightCircle.OD6 | 3.15.14.00 |
| Reason Heuristics | Adware.BrightCircle.Task | 15.3.6.5 |
| VIPRE Antivirus | Threat.4789396 | 37788 |

File size:
1.3 MB (1,377,752 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
SuperPlusRadio v2.1V03.03.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\dcwcjtf.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/15/2014 4:00:00 PM

Valid to:
12/16/2015 3:59:59 PM

Subject:
CN=Blondie Project (Bright Circle Investments Ltd), O=Blondie Project (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0903CC287C7EEA81D3C21DBB234D320C

File PE Metadata
Compilation timestamp:
3/3/2015 3:04:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:FgsgPlR2b28SCruibhtkJvlpS4xF+9vnfnRqt3jg9mwTGq0e1pSUQhTk/:Fgsgf2aN+h6JNpZg9/5qcmGP0e1pSUym

Entry address:
0xD1E9B

Entry point:
E8, CD, E4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 00, E6, 00, 00, 3B, 30, 7C, 07, E8, F7, E5, 00, 00, 8B, 30, E8, EA, E5, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 99, 43, 00, 00, 8B, F0, 85, F6, 75, 07, B8, F0, 31, 53, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 72, 2D, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, F0, 31, 53, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, A2, D2...
 

Entropy:
6.6859

Code size:
987.5 KB (1,011,200 bytes)

Scheduled Task
Task name:
DCWCJTF

Trigger:
Logon (Runs on logon)

