uninstall.exe

AcDc Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application uninstall.exe by AcDc Project (BrightCircle Investments Limited) has been detected as adware by 22 anti-malware scanners. This is the uninstaller utility registered in the Windows Control Panel for the program CinemaHd For Pro 2.4cV08.01 by Cinema HDV08.01. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is distributed as part of the BrightCircle group of browser extensions.
Publisher:

MD5:
698368b8406b07538c73a03bdc2909d6

SHA-1:
c3482060bb86a6cb79248bb8258a525fedf13a69

SHA-256:
6a3be366c34f682fcb4bfecb19d29fe6c51fe6326c6feaff2e8ce8d66a94167b

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars. Distributed through the BrightCircle Investments brand.

Analysis date:
4/25/2024 1:28:55 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Heur.hqX@lCFdIkdi | 6473648 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.01.29 |
| Avira AntiVirus | Adware/CrossRid.bqyp | 7.11.205.178 |
| AVG | Generic | 2016.0.3215 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.15128 |
| Bitdefender | Gen:Application.Heur.hqX@lCFdIkdi | 1.0.20.140 |
| Comodo Security | Application.Win32.InstallCore.GIFI | 20877 |
| Dr.Web | Trojan.Crossrider.59927 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Application.Heur.hqX@lCFdIkdi | 9.0.0.4799 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Application.Heur.hqX@lCFdIkdi | 5.13.68 |
| G Data | Gen:Application.Heur.hqX@lCFdIkdi | 15.1.25 |
| K7 AntiVirus | Unwanted-Program | 13.193.14786 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 15.0.0.543 |
| MicroWorld eScan | Gen:Application.Heur.hqX@lCFdIkdi | 16.0.0.84 |
| NANO AntiVirus | Trojan.Win32.Crossrider.dmntpf | 0.30.0.65070 |
| Norman | Gen:Application.Heur.hqX@lCFdIkdi | 02.01.2015 13:58:24 |
| Panda Antivirus | Generic Suspicious | 15.01.28.12 |
| Reason Heuristics | PUP.Brightcircle | 15.1.28.12 |
| Sophos | AppRider | 4.98 |
| VIPRE Antivirus | Threat.4789396 | 36694 |
| Zillya! Antivirus | Adware.CrossRider.Win32.1713 | 2.0.0.2048 |

File size:
116.5 KB (119,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cinemahd for pro 2.4cv08.01\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/30/2014 6:00:00 PM

Valid to:
12/1/2015 5:59:59 PM

Subject:
CN=AcDc Project (BrightCircle Investments Limited), O=AcDc Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BB5CB272841409598560E8776848BBF4

File PE Metadata
Compilation timestamp:
1/7/2015 5:04:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:RjY6EG28vj/P06zmMNUIwLEBktNEfq/KB1EY/HNOkzAnclavsWjcdyRacu:NX2mhhhwISKqe/tiCTyRac

Entry address:
0x894D

Entry point:
E8, C1, 65, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E0, B1, 41, 00, E8, 2D, 0A, 00, 00, E8, 8D, 23, 00, 00, 0F, B7, F0, 6A, 02, E8, 54, 65, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 35, 5F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Entropy:
6.4099

Code size:
81.5 KB (83,456 bytes)

Program Uninstaller
Program name:
CinemaHd For Pro 2.4cV08.01

Display publisher:
Cinema HDV08.01

Display version:
1.35.12.18

Uninstall string:
C:\Program Files (x86)\CinemaHd For Pro 2.4cV08.01\Uninstall.exe /fcp=1

