mkljegs.exe

Blondie Project (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application mkljegs.exe, “Com NotificationV03.03 exe” by Blondie Project (Bright Circle Investments), has been detected as adware by 20 anti-malware scanners. It runs as a scheduled task named MKLJEGS under the Windows Task Scheduler. It is built using the Crossrider cross-browser extension toolkit; although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:
Com NotificationV03.03  (signed by Blondie Project (Bright Circle Investments Ltd))

Product:
Com NotificationV03.03

Description:
Com NotificationV03.03 exe

Version:
1000.1000.1000.1000

MD5:
139202cd8967b206103613839400e18a

SHA-1:
1021108f304117ca01fa59e590a4e47568bd0c56

SHA-256:
d3f753c325de6399a92e1a8d3a33801cf47c4021c36b0d52707a864206100539

Scanner detections:
20 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/18/2024 4:35:13 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.5v1@m0vyjmnO | 701
AhnLab V3 Security | PUP/Win32.CrossRider | 2015.03.06
Avira AntiVirus | ADWARE/CrossRider.Gen7 | 7.11.214.42
avast! | Win32:Malware-gen | 2014.9-150306
AVG | Generic | 2016.0.3179
Bitdefender | Gen:Application.Heur.5v1@m0vyjmnO | 1.0.20.325
Comodo Security | Application.Win32.Plush.GRI | 21311
Dr.Web | Trojan.Crossrider1.21680 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Application.Heur.5v1@m0vyjmnO | 9.0.0.4799
ESET NOD32 | Win32/Toolbar.CrossRider.CB potentially unwanted application | 7.0.302.0
F-Secure | Riskware.Gen:Application.Heur.5v1@m0vyjmnO | 11.2015-06-03_6
G Data | Gen:Application.Heur.5v1@m0vyjmnO | 15.3.25
herdProtect (fuzzy) | | 2015.6.12.18
Malwarebytes | PUP.Optional.SystemNotifier.A | v2015.06.12.06
MicroWorld eScan | Gen:Application.Heur.5v1@m0vyjmnO | 16.0.0.195
Norman | Gen:Application.Heur.5v1@k0vyjmnO | 03.12.2014 13:20:04
Panda Antivirus | Trj/Genetic.gen | 15.03.06.04
Quick Heal | PUA.BrightCircle.OD6 | 3.15.14.00
Reason Heuristics | Adware.BrightCircle.Task | 15.3.6.4
VIPRE Antivirus | Threat.4789396 | 38050

File size:
1.9 MB (1,986,520 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Com NotificationV03.03.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\mkljegs.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/15/2014 4:00:00 PM

Valid to:
12/16/2015 3:59:59 PM

Subject:
CN=Blondie Project (Bright Circle Investments Ltd), O=Blondie Project (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0903CC287C7EEA81D3C21DBB234D320C

File PE Metadata
Compilation timestamp:
3/2/2015 9:05:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:rJBUXe1wZmcqQnH5uQyw4jzAgpSZpTWZ1V1DzB:8Xe6mnCZudw4jIg

Entry address:
0xF3E21

Entry point:
E8, 5D, FD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 90, FE, 00, 00, 3B, 30, 7C, 07, E8, 87, FE, 00, 00, 8B, 30, E8, 7A, FE, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 83, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, E0, 84, 55, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 9D, 2E, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, E0, 84, 55, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, F4, EA...
 
Entropy:
6.8656

Code size:
1.1 MB (1,163,264 bytes)

Scheduled Task
Task name:
MKLJEGS

