jnappxbj.exe

CinemaDigitalPro 1.4V13.12

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application jnappxbj.exe, “CinemaDigitalPro 1.4V13.12 exe” by BadFinger Project (BrightCircle Investments Limited), has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task named JNAPPXBJ under the Windows Task Scheduler, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the BrightCircle group of web extensions that inject advertisements in the browser.

Publisher:
Cinema ProV13.12  (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
CinemaDigitalPro 1.4V13.12

Description:
CinemaDigitalPro 1.4V13.12 exe

Version:
1000.1000.1000.1000

MD5:
08e9557e7fb03167520ad8fca67ba746

SHA-1:
e0c17becf76a58b48afcaa30bb9945c66fa96f82

SHA-256:
c5d71f816ca6fea9abfe98d005efb7128ead22e51c12317590544e839b7ba642

Scanner detections:
21 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/19/2024 9:26:19 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.7v1@kOhZd2kO | 6129878 |
| avast! | Win32:Adware-gen [Adw] | 141130-1 |
| AVG | Generic | 2015.0.3261 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141219 |
| Bitdefender | Gen:Application.Heur.7v1@kOhZd2kO | 1.0.20.1740 |
| Comodo Security | Application.Win32.Plush.GRI | 20366 |
| Dr.Web | Trojan.Crossrider.47076 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Application.Heur.7v1@kOhZd2kO | 9.0.0.4668 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Application.Heur.7v1@kOhZd2kO | 5.13.68 |
| G Data | Gen:Application.Heur.7v1@kOhZd2kO | 14.12.24 |
| IKARUS anti.virus | not-a-virus:AdWare.Adwapper | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.187.14319 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.543 |
| Malwarebytes | PUP.Optional.CinemaDigitalPro.A | v2014.12.14.11 |
| MicroWorld eScan | Gen:Application.Heur.7v1@kOhZd2kO | 15.0.0.1044 |
| Norman | Gen:Application.Heur.7v1@kOhZd2kO | 04.12.2014 14:30:06 |
| Panda Antivirus | Generic Suspicious | 14.12.14.11 |
| Qihoo 360 Security | Win32/Application.dc6 | 1.0.0.1015 |
| Reason Heuristics | Adware.BrightCircle.Task.I | 14.12.14.11 |
| Sophos | Generic PUA GE | 4.98 |

File size:
1.9 MB (2,031,072 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaDigitalPro 1.4V13.12.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\jnappxbj.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 12:00:00 AM

Valid to:
11/17/2015 11:59:59 PM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/13/2014 11:05:39 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:dux1UnKTRyyJDd+aZ17xtQTvspSthTBZ1V1Dzi:nnsy2ztQBc

Entry address:
0xF8291

Entry point:
E8, 5F, FD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 92, FE, 00, 00, 3B, 30, 7C, 07, E8, 89, FE, 00, 00, 8B, 30, E8, 7C, FE, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 83, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 40, 31, 56, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 9D, 2E, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 40, 31, 56, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, F6, EA...
 

Entropy:
6.8709

Code size:
1.1 MB (1,204,224 bytes)

Scheduled Task
Task name:
JNAPPXBJ

Trigger:
Logon (Runs on logon)

