uninstall.exe

CR7 Team (Bright Circle Investments Ltd)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application uninstall.exe by CR7 Team (Bright Circle Investments) has been detected as adware by 28 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program HQCinema Pro 2.1V20.02 by HQ CinemaV20.02. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
CR7 Team (Bright Circle Investments Ltd)

MD5:
9f4cea7fe833b60365f4def0116f3c3c

SHA-1:
4f007cdb17414dd5478a928c4dd6e90f2c66f69c

SHA-256:
cbd9800e7167666fdb9bc29b96a7a8e7a33b36bda6499c5fa47cab3565542ed7

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars. Distributed through the Brightcircle investments brand.

Analysis date:
4/19/2024 11:03:40 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.gqX@lOzpZQli | 655 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.03.15 |
| Avira AntiVirus | ADWARE/CrossRider.Gen7 | 7.11.217.78 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150421 |
| AVG | Generic | 2016.0.3133 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15421 |
| Bitdefender | Gen:Application.Heur.gqX@lOzpZQli | 1.0.20.555 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.InstallCore.GIFI | 21184 |
| Dr.Web | Trojan.Crossrider1.19064 | 9.0.1.0111 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted (variant) | 9.11321 |
| Fortinet FortiGate | Riskware/CrossRider | 4/21/2015 |
| F-Prot | W32/S-53d6fe83 | v6.4.7.1.166 |
| F-Secure | Gen:Application.Heur.gqX@lOzpZQli | 11.2015-21-04_3 |
| G Data | Gen:Application.Heur.gqX@l8bQUZei | 15.4.25 |
| K7 AntiVirus | Unwanted-Program | 13.200.15263 |
| McAfee | Artemis!9F4CEA7FE833 | 5600.6789 |
| MicroWorld eScan | Gen:Application.Heur.gqX@lOzpZQli | 16.0.0.333 |
| NANO AntiVirus | Riskware.Win32.Crossrider1.dowwcg | 0.30.0.296 |
| Panda Antivirus | Generic Suspicious | 15.04.21.03 |
| Qihoo 360 Security | Win32/Application.509 | 1.0.0.1015 |
| Quick Heal | PUA.BrightCircle.OD6 | 4.15.14.00 |
| Reason Heuristics | Threat.Brightcircle.CR7TeamBrightCircleInvestments | 15.4.20.23 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15419 |
| Sophos | Generic PUA EP | 4.98 |
| Trend Micro House Call | TROJ_GEN.F0C2C00C615 | 7.2.111 |
| Trend Micro | TROJ_GEN.F0C2C00C615 | 10.465.21 |
| VIPRE Antivirus | Crossrider | 37820 |

File size:
104.5 KB (106,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hqcinema pro 2.1v20.02\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/15/2014 4:00:00 PM

Valid to:
12/16/2015 3:59:59 PM

Subject:
CN=CR7 Team (Bright Circle Investments Ltd), O=CR7 Team (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FBFD4A5FBC2F4538E5DF7603F1B0A48C

File PE Metadata
Compilation timestamp:
2/19/2015 9:28:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:EOaizyK90iUfYfU2GSHPCC22e3TUnc1yyT2VsWjcdUQAyggGq:bgK9Lt3PV22ix9CaUQZgg3

Entry address:
0x8D56

Entry point:
E8, E6, 5A, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 58, 82, 41, 00, E8, 24, 0A, 00, 00, E8, 84, 23, 00, 00, 0F, B7, F0, 6A, 02, E8, 79, 5A, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 5A, 54, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.2987

Code size:
69.5 KB (71,168 bytes)

Program Uninstaller
Program name:
HQCinema Pro 2.1V20.02

Display publisher:
HQ CinemaV20.02

Display version:
1.36.01.22

Uninstall string:
C:\Program Files (x86)\HQCinema Pro 2.1V20.02\Uninstall.exe /fcp=1 /runexe='C:\Program Files (x86)\HQCinema Pro 2.1V20.02\UninstallBrw.exe' /url='http://static.gonotiftime.com/notf_sys/index.html' /br
