fraven 1.1-nova.dll

Bright circle investments Ltd.

This adware uses the Crossrider extension platform to inject advertisements into the Internet browser and may modify core browser settings. Ads are delivered as banners and contextual text links and may promote other potentially unwanted software. The module fraven 1.1-nova.dll by Bright circle investments has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Bright circle investments Ltd.  (signed and verified)

MD5:
78866800327d4e020c1bb32b1c599607

SHA-1:
f220742d4edd460261a77e6389bda95068524c1a

SHA-256:
f7f7d59b212391a5621bf1465a94bb2bcc1c374f752e31abe2bb404623344012

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
9/18/2020 10:10:24 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
Adware.BrightCircle (M)

Engine version:
16.7.11.12

File size:
123 KB (125,936 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\fraven 1.1\fraven 1.1-nova.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/19/2014 3:30:00 AM

Valid to:
6/20/2015 3:29:59 AM

Subject:
CN=Bright circle investments Ltd., O=Bright circle investments Ltd., STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EF90FEF9AC8E258E5D30D0E08C84D37E

File PE Metadata
Compilation timestamp:
6/22/2014 1:35:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:H45eyFmfCypXqiONwdkietkU0F+PcEsWjcdo5gj0MY9lO:HC1H6h1dkGF+Go5gj0MYS

Entry address:
0x61BC

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3A, 2C, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 98, 8A, 01, 10, E8, E5, 14, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 4C, B2, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 50, 40, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.0817

Developed / compiled with:
Microsoft Visual C++

Code size:
70 KB (71,680 bytes)
