mkzxk.exe

HQ Cinema Video 1.8V14.12

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application mkzxk.exe, "HQ Cinema Video 1.8V14.12 exe" by BadFinger Project (BrightCircle Investments Limited), has been detected as adware by 21 anti-malware scanners. It runs as a scheduled task named MKZXK under the Windows Task Scheduler, triggered to execute each time a user logs in. It is part of the BrightCircle group of web extensions that inject advertisements in the browser.
Publisher:
HQ VideoV14.12  (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
HQ Cinema Video 1.8V14.12

Description:
HQ Cinema Video 1.8V14.12 exe

Version:
1000.1000.1000.1000

MD5:
4214bddfdb41ab7b1a2aad8c8d85d65d

SHA-1:
35d1a9465fd4dc594cec9a6b45477ea9f6c4c522

SHA-256:
dc8dbe20cfaf618b3c958607f833b36a18262d24604b36cc4cfd1896b453389c

Scanner detections:
21 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/25/2024 4:19:02 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Heur.8v1@kWhNtriO | 6127378 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-141219 |
| AVG | Generic | 2015.0.3260 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141219 |
| Bitdefender | Gen:Application.Heur.8v1@kWhNtriO | 1.0.20.1745 |
| Comodo Security | Application.Win32.Plush.GRI | 20375 |
| Emsisoft Anti-Malware | Gen:Application.Heur.8v1@kWhNtriO | 9.0.0.4668 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/Adwapper | 12/19/2014 |
| F-Secure | Riskware.Gen:Application.Heur.8v1@kWhNtriO | 5.13.68 |
| G Data | Gen:Application.Heur.8v1@kWhNtriO | 14.12.24 |
| IKARUS anti.virus | Trojan.GoogUpdate | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.187.14339 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.543 |
| Malwarebytes | | v2014.12.15.09 |
| MicroWorld eScan | Gen:Application.Heur.8v1@kWhNtriO | 15.0.0.1047 |
| Norman | Gen:Application.Heur.8v1@kWhNtriO | 04.12.2014 14:30:06 |
| Panda Antivirus | Generic Suspicious | 14.12.15.09 |
| Qihoo 360 Security | Win32/Application.544 | 1.0.0.1015 |
| Reason Heuristics | Adware.BrightCircle.Task.F | 14.12.15.8 |
| Sophos | Generic PUA CB | 4.98 |

File size:
1.9 MB (2,033,120 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HQ Cinema Video 1.8V14.12.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\mkzxk.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 8:00:00 AM

Valid to:
11/18/2015 7:59:59 AM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/14/2014 1:05:41 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:z1y2AGK9evAMgdk1iJCBgh1dgXwyYtIpScOXTAJZ1V1Dzn:zmG9vAMgdk1iJCBgLiXwtr0R

Entry address:
0xF9761

Entry point:
E8, 65, FD, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 98, FE, 00, 00, 3B, 30, 7C, 07, E8, 8F, FE, 00, 00, 8B, 30, E8, 82, FE, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 83, 5C, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 50, 3E, 56, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 9D, 2E, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 50, 3E, 56, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, FC, EA...

Entropy:
6.8672

Code size:
1.2 MB (1,206,272 bytes)

Scheduled Task
Task name:
MKZXK

Trigger:
Logon (Runs on logon)

