gbhjrpg.exe

Cinema Go Pro 2.3cV30.11

Aussie Labs (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application gbhjrpg.exe, “Cinema Go Pro 2.3cV30.11 exe” by Aussie Labs (BrightCircle Investments Limited), has been detected as adware by 28 anti-malware scanners. It runs as a Windows Task Scheduler task named GBHJRPG, triggered each time a user logs in. It is built with the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It belongs to the BrightCircle group of web extensions that inject advertisements into the browser.
Publisher:
Cinema ProV30.11 (signed by Aussie Labs (BrightCircle Investments Limited))

Product:
Cinema Go Pro 2.3cV30.11

Description:
Cinema Go Pro 2.3cV30.11 exe

Version:
1000.1000.1000.1000

MD5:
f952c5b755cc0b73ab24b328c2519e0e

SHA-1:
ba8b4f254939b17882e9ccde57670e6d57e55a81

SHA-256:
46289a0866766f15024bc2602dd92721c14429fd5ca8f12005b63cf628243ceb

Scanner detections:
28 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 11:10:10 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.rv1@mmF1EujO | 675
AhnLab V3 Security | PUP/Win32.CrossRider | 2014.12.10
Avira AntiVirus | Adware/CrossRider.KI | 7.11.193.210
avast! | Win32:PUP-gen [PUP] | 2014.9-150401
AVG | Generic | 2016.0.3153
Bitdefender | Gen:Application.Heur.rv1@kKK3lFjO | 1.0.20.455
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Agent-32679 | 0.98/20183
Dr.Web | Trojan.Crossrider.47082 | 9.0.1.0187
Emsisoft Anti-Malware | Gen:Application.Heur.rv1@mmF1EujO | 8.15.07.06.05
ESET NOD32 | Win32/Toolbar.CrossRider.CB potentially unwanted application | 9.7.0.302.0
Fortinet FortiGate | Adware/Adwapper | 4/1/2015
F-Secure | Riskware.Gen:Application.Heur.rv1@mmF1EujO | 11.2015-01-04_4
G Data | Gen:Application.Heur.rv1@kKK3lFjO | 15.4.24
herdProtect (fuzzy) | | 2015.7.6.5
IKARUS anti.virus | PUA.Toolbar.CrossRider | t3scan.1.8.5.0
K7 AntiVirus | Unwanted-Program | 13.186.14280
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.2258
Malwarebytes | PUP.Optional.CinemaGoPro.A | v2015.04.01.09
McAfee | Artemis!F952C5B755CC | 5600.6809
MicroWorld eScan | Gen:Application.Heur.rv1@kKK3lFjO | 16.0.0.273
NANO AntiVirus | Riskware.Win32.CrossRider.djqwgp | 0.28.6.63850
Norman | Gen:Application.Heur.rv1@kmF1EujO | 11.20150706
Panda Antivirus | Generic Suspicious | 15.04.01.09
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | Adware.BrightCircle.Task | 15.4.1.9
Sophos | Generic PUA LK | 4.98
VIPRE Antivirus | Threat.4789396 | 38050

File size:
1.3 MB (1,342,424 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Cinema Go Pro 2.3cV30.11.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\gbhjrpg.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 12:00:00 AM

Valid to:
11/17/2015 11:59:59 PM

Subject:
CN=Aussie Labs (BrightCircle Investments Limited), O=Aussie Labs (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
685AE12077846353AA542302DA532ABD

File PE Metadata
Compilation timestamp:
11/30/2014 12:04:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:WUn2YtSmZCrgNe+6NJnxGT1WPwagoKxja801TzcVapS7PTzf:WUlt7s+6NDUWPsoK4OVapS7PTr

Entry address:
0xCB91B

Entry point:
E8, C7, E4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, FA, E5, 00, 00, 3B, 30, 7C, 07, E8, F1, E5, 00, 00, 8B, 30, E8, E4, E5, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 99, 43, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 40, 78, 52, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 72, 2D, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 40, 78, 52, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 9C, D2...

Entropy:
6.6702

Code size:
943 KB (965,632 bytes)

Scheduled Task
Task name:
GBHJRPG

Trigger:
Logon (Runs on logon)
