home

shakti__remember_shakti.exe

Berta Brid Eco

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application shakti__remember_shakti.exe by Berta Brid Eco has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Berta Brid Eco  (signed and verified)

MD5:
768bfcefe7c61accfaf191bf671c6c82

SHA-1:
6b671bc420c26dd44428397d39b13402cc19bcf9

SHA-256:
0d8be92ba5e3d9a54899c1d5633643bfe06e9d57e8aaac19aecab969175ec649

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer. Distributed through the Brightcircle investments brand.

Analysis date:
4/25/2024 1:09:52 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/CoolMirage.Gen
7.11.168.226

Baidu Antivirus
Trojan.Win32.1ClickDownload
4.0.3.14823

ESET NOD32
Win32/AdWare.1ClickDownload.AT
8.10299

G Data
NSIS.Application.OneClickDownloader
14.8.24

Malwarebytes
PUP.Optional.OneClickDownloader.A
v2014.08.23.01

Reason Heuristics
PUP.BertaBridEco.DD
14.8.25.1

Sophos
FT Downloader
4.98

File size:
419 KB (429,104 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\shakti__remember_shakti.exe

Digital Signature
Signed by:
Berta Brid Eco

Authority:
COMODO CA Limited

Valid from:
8/14/2014 5:30:00 AM

Valid to:
8/15/2015 5:29:59 AM

Subject:
CN=Berta Brid Eco, O=Berta Brid Eco, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EF48FE90F98CEC7AF0FDEECC0B376D44

File PE Metadata
Compilation timestamp:
12/6/2009 4:20:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:WsA7ri0vUk8KGvHAYbv7tgk8zOWVUIrEYF/04QZicQYhXKb5K1udWY:iri0v18KGPAY3yk8zOWHFM46XKb5eMW

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.8991

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file shakti__remember_shakti.exe has been seen being distributed by the following 50 URLs.

http://www.torntv-downloader.com/.../Sex_Tape_2014_DVDRip_Xvid-ARROW.exe

http://www.torntv-dl.net/.../Various_Artists_-_Nashville_Outlaws_-_A_Tribute_to_Montley_Crue_[2014_ALBUM].exe

http://www.torntv-dl.net/.../Need_For_Speed_Inceputuri_(2014)_1080p_BrRip_x264_-_YIFY.exe

http://www.torntv-dl.net/.../Last_Window_The_Secret_Of_Cape_West_rar.exe

http://www.torntv-dl.net/.../sold_or_be_sold_Full.exe

http://www.torntv-dl.net/.../Hercules_2014_Hindi_1CD_ScamRIp_x264_MP3_Team_DDH_RG.exe

http://www.torntv-dl.net/.../Mastering_AutoCAD_Civil_3D_2014_by_Louisa_Holland_(Perseu).exe

http://www.torntv-dl.net/.../The_Dark_Knight_Rises_(2012).exe

http://www.torntv-dl.net/.../Into_The_Storm_2014_720p_HDCAM_NEW_VIDEO_SOURCE_x264_Pimp4003.exe

http://www.torntv-dl.net/.../post_prom_Full.exe

http://www.torntv-dl.net/.../YourDownload.exe

http://www.torntv-downloader.com/.../GetData_Recover_My_Files_Pro_5.2.1.1964___Crack_(Alladin_X).exe

http://www.torntv-dl.net/.../Pocahontas[DVDRip][1995].exe

http://www.torntv-dl.net/.../Grown_Ups_*2010*_[DVDRip_XviD-miguel]_[ENG].exe

http://www.torntv-dl.net/.../Nissan_SR20DET_Engine_Rebuild.exe

http://www.torntv-dl.net/.../Anno_2070-RELOADED.exe

http://www.torntv-dl.net/.../Subway_Surfers_(2012)_!PC!.exe

http://www.torntv-downloader.com/.../Star_Vijay_Mahabharatham_in_Tamil.exe

http://www.torntv-dl.net/.../Kuroyuri_danchi_(2013)_DVDRip_XviD.exe

http://www.torntv-dl.net/.../Majesty_2_[PL].exe

http://www.torntv-dl.net/.../Total_War_ROME_II_RELOADED.exe

http://www.torntv-downloader.com/.../torrent.exe

http://www.torntv-dl.net/.../pacific_sun_big_rig_bears.exe

http://www.torntv-dl.net/.../The_Girl_with_All_the_Gifts_M_R_Carey_epub.exe

http://www.torntv-dl.net/.../The_Babadook_2014_720p_BRRip_x264_DTS_HD.exe

http://www.torntv-dl.net/.../Justin_Timberlake_Live_Madison_Square_Garden_2007_1080p_5_1.exe

http://www.torntv-dl.net/.../Suits_S03E01_Season_3_Episode_1_HDTV_x264_GlowGaze_Com.exe

http://www.torntv-dl.net/.../Shameless_US_S04E10_HDTV_x264-LOL[ettv].exe

http://www.torntv-dl.net/.../Its_Entertainment_[2014]_(New_Source)_DvDScr_X264_AAC_-_xRG.exe

http://www.torntv-dl.net/.../Palo.Alto.2013.720p.WEB-DL.DD5.1.H264-RARBG.exe

Latest 30 of 57 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-50-18-104-209.us-west-1.compute.amazonaws.com  (50.18.104.209:80)

TCP (HTTP):
Connects to ec2-176-34-177-58.eu-west-1.compute.amazonaws.com  (176.34.177.58:80)

Remove shakti__remember_shakti.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.