tvxusq.exe

Cinema Go Pro 2.3cV30.11

Aussie Labs (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application tvxusq.exe, “Cinema Go Pro 2.3cV30.11 exe” by Aussie Labs (BrightCircle Investments Limited), has been detected as adware by 27 anti-malware scanners. It runs as a Windows Task Scheduler task named TVXUSQ, triggered to execute each time a user logs in. It is built using the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the BrightCircle group of web extensions that inject advertisements in the browser.

Publisher:
Cinema ProV30.11  (signed by Aussie Labs (BrightCircle Investments Limited))

Product:
Cinema Go Pro 2.3cV30.11

Description:
Cinema Go Pro 2.3cV30.11 exe

Version:
1000.1000.1000.1000

MD5:
082ac13147e28853e3861bce7c97733b

SHA-1:
90f0d07d7aa4fcbb28535d76f1126c79ca08b3d0

SHA-256:
6a266dac632b71ce9056d392cafab66e766beee08f33cad58a1cf9e8cf898725

Scanner detections:
27 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/25/2024 8:14:18 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.Vv1@kOnAq5gO | 675 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2014.12.10 |
| Avira AntiVirus | Adware/CrossRider.KI | 7.11.193.210 |
| avast! | Win32:Trojan-gen | 2014.9-150401 |
| AVG | Generic | 2016.0.3153 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.1541 |
| Bitdefender | Gen:Application.Heur.Vv1@kuNClgkO | 1.0.20.455 |
| Comodo Security | Application.Win32.Plush.GRI | 20319 |
| Dr.Web | Trojan.Crossrider.45123 | 9.0.1.091 |
| Emsisoft Anti-Malware | Gen:Application.Heur.Vv1@kOnAq5gO | 8.15.07.06.05 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BN potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Adware/Adwapper | 4/1/2015 |
| F-Secure | Gen:Application.Heur.Vv1@kuNClgkO | 11.2015-01-04_4 |
| G Data | Gen:Application.Heur.Vv1@kuNClgkO | 15.4.24 |
| IKARUS anti.virus | PUA.Toolbar.CrossRider | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.186.14280 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 14.0.0.2258 |
| Malwarebytes | PUP.Optional.CinemaGoPro.A | v2015.04.01.09 |
| McAfee | Artemis!082AC13147E2 | 5600.6809 |
| MicroWorld eScan | Gen:Application.Heur.Vv1@kOnAq5gO | 16.0.0.273 |
| NANO AntiVirus | Riskware.Win32.Crossrider.djppkx | 0.28.6.63850 |
| Norman | Gen:Application.Heur.Vv1@kOnAq5gO | 11.20150706 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Adware.BrightCircle.Task | 15.4.1.9 |
| Sophos | Generic PUA JA | 4.98 |
| VIPRE Antivirus | Threat.4789396 | 35418 |

File size:
1.7 MB (1,819,608 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Cinema Go Pro 2.3cV30.11.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\tvxusq.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 12:00:00 AM

Valid to:
11/17/2015 11:59:59 PM

Subject:
CN=Aussie Labs (BrightCircle Investments Limited), O=Aussie Labs (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
685AE12077846353AA542302DA532ABD

File PE Metadata
Compilation timestamp:
11/30/2014 12:05:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:vm0+CRMVuWbLZ5jD0pSXfTYNYndZ1V1Dzd:2ClyLZ5jxfnn

Entry address:
0xCEF44

Entry point:
E8, 5E, E4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 91, E5, 00, 00, 3B, 30, 7C, 07, E8, 88, E5, 00, 00, 8B, 30, E8, 7B, E5, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, C0, 43, 00, 00, 8B, F0, 85, F6, 75, 07, B8, A0, D2, 52, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 69, 2D, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, A0, D2, 52, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 33, D2...
 

Entropy:
6.8887

Code size:
964 KB (987,136 bytes)

Scheduled Task
Task name:
TVXUSQ

Trigger:
Logon (Runs on logon)

