uninstall.exe

Selecao Technologies (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application uninstall.exe by Selecao Technologies (Bright Circle Investments) has been detected as adware by 23 anti-malware scanners. It is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file is typically installed with the program I - Cinema by Bright circle investments Ltd., which is a potentially unwanted software program. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.
Publisher:

MD5:
586d7ee3b836887f937813d5a764eda9

SHA-1:
d2c3fa4d0f9e7386fa1409f832c8c5b7a81fe5f4

SHA-256:
9365875acb25a7ee07df4502866b6084cabfd716eb43876b736151bb49b4ea4c

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software, which may include extensions such as DealPly and various toolbars.

Analysis date:
4/27/2024 1:38:48 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Heur.gqX@lS5Jvwii | 701 |
| Avira AntiVirus | Adware/CrossRider.A.16669 | 7.11.206.190 |
| avast! | Win32:Malware-gen | 2014.9-150305 |
| AVG | Generic | 2016.0.3179 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.1535 |
| Bitdefender | Gen:Application.Heur.gqX@libDe@gi | 1.0.20.320 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.InstallCore.GIFI | 20852 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted (variant) | 9.11116 |
| Fortinet FortiGate | Riskware/CrossRider | 3/5/2015 |
| F-Prot | W32/S-440413f3 | v6.4.7.1.166 |
| F-Secure | Gen:Application.Heur.gqX@lS5Jvwii | 11.2015-05-03_5 |
| G Data | Gen:Application.Heur.gqX@libDe@gi | 15.3.24 |
| K7 AntiVirus | Trojan | 13.193.14846 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.2391 |
| McAfee | Artemis!586D7EE3B836 | 5600.6835 |
| MicroWorld eScan | Gen:Application.Heur.gqX@libDe@gi | 16.0.0.192 |
| Panda Antivirus | Generic Suspicious | 15.03.05.08 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Brightcircle | 15.3.5.20 |
| Rising Antivirus | PE:Malware.Obscure!1.9C59 | 23.00.65.15303 |
| Sophos | Generic PUA NC | 4.98 |
| VIPRE Antivirus | Crossrider | 37220 |

File size:
108 KB (110,568 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\i - cinema\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 1:00:00 AM

Valid to:
12/17/2015 12:59:59 AM

Subject:
CN=Selecao Technologies (Bright Circle Investments Ltd), O=Selecao Technologies (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3F2791037D410A199539AA4A99F7DEB3

File PE Metadata
Compilation timestamp:
1/26/2015 12:04:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:iP6TIkD0ocpuAHHMHwVwiKFvAy1qPwsFclNRusWjcdpFfMyRwICuW:i4pLHHnvZ1IqTxpFf9RtCu

Entry address:
0x9536

Entry point:
E8, 26, 5D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 08, 93, 41, 00, E8, 24, 0A, 00, 00, E8, 59, 31, 00, 00, 0F, B7, F0, 6A, 02, E8, B9, 5C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 9A, 56, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Code size:
73 KB (74,752 bytes)

The file uninstall.exe has been discovered within the following program:

I - Cinema by Bright circle investments Ltd.
i - cinema is a web browser extension that injects display advertising in the user's browser. Ads are displayed in the form of banners and contextual text links and are injected either into white-space areas of the HTML page or over existing ads of the underlying website.
88% remove it
 
Powered by Should I Remove It?