NightWish Center (Bright Circle Investments Ltd) is a software publisher located in Nicosia, CY*. The company is a primary distributor of unwanted software. Part of the Brightcircle group of adware web browser extensions that utilize the Crossrider framework. These extensions are also known as Freven and are designed to utilize the framework in order to inject advertising banners in the underlying web browsers white space or by overlaying new ads over existing ones. Brightcircle distributes its software through malvertising practices such as displaying web pages taht tell the user that various core Windows software is out-dated and needs updating as well as drive-by downloads.
Authority:
COMODO CA Limited
Valid from:
12/15/2014 10:00:00 PM
Valid to:
12/16/2015 9:59:59 PM
Subject:
CN=NightWish Center (Bright Circle Investments Ltd), O=NightWish Center (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY
Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number:
00b30349e6ad66949988b51360f031bfb4
Scanner detections:
Detections (100% detected)
Scan engine
Details
Detections
Reason Heuristics
Adware.BrightCircle.NightWishCenterBrightCircleInvestments, Adware.BrightCircle.Installer, Adware.BrightCircle.Task, Adware.BrightCircle.NightWishCenterBrightCircleInvestments (M), Adware.BrightCircle.NightWis (M), Adware.BrightCircle (M)
100.00%
VIPRE Antivirus
Crossrider, Threat.4789396
90.91%
AhnLab V3 Security
PUP/Win32.CrossRider
88.64%
AVG
Crossrider, Win32/DH{gRITfWUDICIlV05kAA}, Win32/DH{gRITfWUDICIlV04A}, Win.Threat.High, Generic12_c
88.64%
Baidu Antivirus
PUA.Win32.CrossRider, Adware.Win32.CrossAd
86.36%
avast!
Win32:PUP-gen [PUP], Win32:Malware-gen, Win32:Crossrider-DU [PUP]
84.09%
herdProtect (fuzzy)
a variant of 2a47c913c7a0765a08c88915dd304230c3cf0a3a, a variant of 97cf60513f9d4d8f9cff8b7c8a213922f139b09a, a variant of 31f34089629ee368510a58aa2769b6b459267b3e
84.09%
Kaspersky
HEUR:Trojan-Downloader.Win32.Generic, not-a-virus:WebToolbar.Win32.CrossRider
81.82%
Sophos
Generic PUA EJ, Generic PUA MD, PUA 'AppRider' (of type Adware), Generic PUA HO, Generic PUA GG, Generic PUA PI, Generic PUA NE
81.82%
ESET NOD32
Win32/Toolbar.CrossRider.BM (variant), Win32/Toolbar.CrossRider.CH potentially unwanted (variant), Win32/Toolbar.CrossRider.BM potentially unwanted (variant)
79.55%
1 / 68 (Adware)
1874.exe (2eb6fd7271a3a746de405dbfac26db72) 25 / 68 (Adware)
6950.exe (703af1b44aef3ec3df0afe4928f8de90) 22 / 68 (Adware)
3809.exe (2c73fbb63b80797b8517e008409e268b) 29 / 68 (Adware)
9322.exe (b7efc56e38d01f39b4bcdef23a54f3a7) 24 / 68 (Adware)
3389.exe (499e82b3ed7a02548e3cccfc4fc53b69) 15 / 68 (Adware)
581.exe (604e77260c938cfae9a5d01230c3bed1) 17 / 68 (Adware)
799.exe (cb8634a12ed86e42d41c4031878ada8b) 17 / 68 (Adware)
6967.exe (66dcb6c020db38df2427c1c64c1d0421) 15 / 68 (Adware)
5310.exe (cfffca0ac6cdbccdbdf400b6c37394a2) 15 / 68 (Adware)
9700.exe (2f5b7e8e3b2672c0ac510611de30e236) 16 / 68 (Adware)
4481.exe (d9f155dfa0e6a5f7681c0501d1361c0a) 12 / 68 (Adware)
2294.exe (78eaee6b9f99f80adf70ac466fe81840) 12 / 68 (Adware)
8861.exe (3b26bbaa2d47830f1d8093d4445fa3d1) 17 / 68 (Adware)
4174.exe (c73faad71797eadd702126581723d681) Downloads URLs for files signed by NightWish Center (Bright Circle Investments Ltd).
Distribution
The following websites host and distribute files published by NightWish Center (Bright Circle Investments Ltd).
The following publishers (by Authenticode signature organization name) are related.
* Note, the details and description above are based on the code signing digital signature issued to NightWish Center (Bright Circle Investments Ltd) by COMODO CA Limited on December 15, 2014 with the serial number '00b30349e6ad66949988b51360f031bfb4'.