home

fmzcxepy.exe

Naruto Source

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application fmzcxepy.exe by Naruto Source has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Naruto Source  (signed and verified)

Version:
1.34.8.12

MD5:
3378ffd50e2da518914fa713732537b5

SHA-1:
25a05ef7ab71cd4a686d1d5f4ade240c435daa61

SHA-256:
c5c3d1ea7efffeb910065dc77d118f3cd2a36416a7a513e28942bf78171baff3

Scanner detections:
25 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
5/9/2024 1:53:34 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.PDC
5774621

AhnLab V3 Security
Win-PUP/CrossRider
2015.04.29

avast!
Crossrider-AA [PUP]
150319-1

AVG
Could be an adware MultiBundle
2014.0.4311

Bitdefender
Adware.Agent.PDC
1.0.20.590

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
UnclassifiedMalware
21926

Dr.Web
Trojan.Crossrider1.23719
9.0.1.05190

Emsisoft Anti-Malware
Adware.Agent.PDC
9.0.0.4799

ESET NOD32
Win32/Toolbar.CrossRider.BM potentially unwanted (variant)
9.11546

F-Secure
Adware.Agent.PDC
5.13.68

G Data
Adware.Agent.PDC
15.4.25

IKARUS anti.virus
AdWare.CrossRider
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.203.15737

Kaspersky
not-a-virus:AdWare.NSIS.Adwapper
15.0.0.543

McAfee
Program.Crossrider.b
16.8.708.2

MicroWorld eScan
Adware.Agent.PDC
16.0.0.354

NANO AntiVirus
Trojan.Win32.Crossrider.dfortn
0.30.24.1357

nProtect
Adware.Agent.PDC
15.04.28.01

Quick Heal
PUA.Narutosour.Gen
4.15.14.00

Reason Heuristics
Threat.Brightcircle.Installer
15.4.28.12

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.15426

Sophos
PUA 'AppRider' (of type Adware)
5.13

Trend Micro House Call
PUA_CROSSID
7.2.118

Trend Micro
PUA_CROSSID
10.465.28

File size:
8.4 MB (8,802,856 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\fmzcxepy.exe

Digital Signature
Signed by:
Naruto Source

Authority:
COMODO CA Limited

Valid from:
7/28/2014 2:00:00 AM

Valid to:
7/29/2015 1:59:59 AM

Subject:
CN=Naruto Source, O=Naruto Source, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
1CE82906A7F364268F66771839675655

File PE Metadata
Compilation timestamp:
12/4/2012 2:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:qc8gySMe29nllI8eKuzdGLvnqtoyCZvnjaYH91QtHI9Vj:qctj2BIvKu0bCIvNfj

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

Remove fmzcxepy.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.