uninstall.exe

ColoColo Apps (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application uninstall.exe by ColoColo Apps (Bright Circle Investments) has been detected as adware by 13 anti-malware scanners. It is the uninstaller utility registered in the Windows Control Panel for the program Cinemax Video 1.9cV01.02 by Cinema VideoV01.02. It uses the InstallCore engine, which may bundle additional software offers, including toolbars and browser extensions. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:

MD5:
e56f027ef3fe2ccc2aa2db5feb5d7466

SHA-1:
cfcaa376a2ca78212b96f10d8fbad8b91a7f7364

SHA-256:
fbedc5f46082a89dee04e8212cf8a48410e24b9ceae13f1a75afc94dcb354f8b

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/23/2024 4:05:48 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.hqX@lym3Gegi | 6505014
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.1521
Bitdefender | Gen:Application.Heur.hqX@lym3Gegi | 1.0.20.160
Comodo Security | Application.Win32.InstallCore.GIFI | 20920
Emsisoft Anti-Malware | Gen:Application.Heur.hqX@lym3Gegi | 9.0.0.4799
ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0
F-Secure | Riskware.Gen:Application.Heur.hqX@lym3Gegi | 5.13.68
G Data | Gen:Application.Heur.hqX@lym3Gegi | 15.2.25
Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 15.0.0.543
MicroWorld eScan | Gen:Application.Heur.hqX@lym3Gegi | 16.0.0.96
Reason Heuristics | PUP.Brightcircle | 15.2.10.11
Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15130
VIPRE Antivirus | Threat.4789396 | 36694

File size:
123 KB (125,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cinemax video 1.9cv01.02\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 12:00:00 AM

Valid to:
12/16/2015 11:59:59 PM

Subject:
CN=ColoColo Apps (Bright Circle Investments Ltd), O=ColoColo Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D815C7CD687694A6F4119A3535D31D7A

File PE Metadata
Compilation timestamp:
1/31/2015 11:04:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:j2QNTvk+l3QISYo4ULptLhE/J2235ChYbTTEZtJllycIMcKaDCbHmFJc1ZdsWjcO:a6k+lAXtS223oweQ4ZiQVr0nC

Entry address:
0x966E

Entry point:
E8, 0E, 68, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 58, C4, 41, 00, E8, 2C, 0A, 00, 00, E8, 33, 3C, 00, 00, 0F, B7, F0, 6A, 02, E8, A1, 67, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 82, 61, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
6.4270

Code size:
87 KB (89,088 bytes)

Program Uninstaller
Program name:
Cinemax Video 1.9cV01.02

Display publisher:
Cinema VideoV01.02

Display version:
1.36.01.22

Uninstall string:
C:\Program Files (x86)\Cinemax Video 1.9cV01.02\Uninstall.exe /fcp=1

