fhmtaknvhluc.exe

Airplane Networks (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application fhmtaknvhluc.exe by Airplane Networks (BrightCircle Investments Limited) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol. It is distributed as part of the BrightCircle group of browser extensions.

Publisher:
Vyftvkbi LTD  (signed by Airplane Networks (BrightCircle Investments Limited))

Description:
Rncxtwsgqixu

Version:
1.35.12.18

MD5:
a02e1a1820f26a6e6ba1cb32bd041902

SHA-1:
7bbd6043824b61aa41ca1b18a9dfeed9a6fcf929

SHA-256:
188c91d96466ca464cde6ff7407226ab8a12a65cb8fa1fcc4b29a4256de9b452

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 11:25:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.BrightCircle.AirplaneNetworksBrightCircleInvestmentsLimited.M

Engine version:
15.1.4.11

File size:
11.8 MB (12,344,704 bytes)

Copyright:
Copyright Ddgmgfpgsi

Trademarks:
Cmzlnbi is a trademark of Eecubadfenifg

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\fhmtaknvhluc.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/30/2014 6:00:00 PM

Valid to:
12/1/2015 5:59:59 PM

Subject:
CN=Airplane Networks (BrightCircle Investments Limited), O=Airplane Networks (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ADA185AFC7F23D3C115D613E31289B

File PE Metadata
Compilation timestamp:
12/4/2012 7:55:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:4XouWaDM71FGQYwy44iC5zYrsNQ6m13/21UdwqvC/zAqSuqGoGu74fHWD5nrMa3l:4XVnY7fjrrNX13/21UdvT5iFvk5r3HAc

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
Code size:
34.5 KB (35,328 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.66.4:80)

TCP (HTTP):
Connects to ec2-54-243-242-176.compute-1.amazonaws.com  (54.243.242.176:80)
