uninstall.exe

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may link to malware sites and install unwanted software. The application uninstall.exe by BadFinger Project (BrightCircle Investments Limited) has been detected as adware by 22 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It is the uninstaller utility registered in the Windows Control Panel for the program HDtubeV1.6V15.12 by HDTubeV15.12, and it is distributed as part of the Brightcircle group of browser extensions.
Publisher:

MD5:
257425f09539a78454bf1e861dcd258a

SHA-1:
e55fe085170423bdf35872d41184ea35e2955d04

SHA-256:
49889d18580f91c5610889a0bcdc7aec93078a6f7f6f2886ad8aa9c837f4c2ef

Scanner detections:
22 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads by injecting banners and text links directly into the webpage. Distributed through the Brightcircle investments brand.

Analysis date:
4/26/2024 5:27:39 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Heur.hqX@lKkLmPmi | 6135001 |
| AhnLab V3 Security | Win-PUP/CrossRider | 2014.12.19 |
| Avira AntiVirus | Adware/CrossRider.120800.1 | 7.11.196.146 |
| avast! | Win32:Adware-gen [Adw] | 141214-1 |
| AVG | Generic | 2015.0.3259 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141219 |
| Bitdefender | Gen:Application.Heur.hqX@lKkLmPmi | 1.0.20.1745 |
| Emsisoft Anti-Malware | Gen:Application.Heur.hqX@lKkLmPmi | 9.0.0.4668 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | W32/GoogUpdate.BM!tr | 12/19/2014 |
| F-Secure | Riskware.Gen:Application.Heur.hqX@lKkLmPmi | 5.13.68 |
| G Data | Gen:Application.Heur.hqX@lKkLmPmi | 14.12.24 |
| K7 AntiVirus | Unwanted-Program | 13.188.14380 |
| Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.543 |
| McAfee | Trojan.Artemis!AF6D6725F3B1 | 5600.6912 |
| MicroWorld eScan | Gen:Application.Heur.hqX@lKkLmPmi | 15.0.0.1047 |
| Norman | Gen:Application.Heur.hqX@lKkLmPmi | 04.12.2014 14:30:06 |
| Panda Antivirus | Generic Suspicious | 14.12.15.03 |
| Qihoo 360 Security | Win32/Virus.Adware.8ba | 1.0.0.1015 |
| Reason Heuristics | PUP.BadFingerProjectBrightCircleInvestmentsLimited.J | 14.12.15.15 |
| Sophos | Generic PUA OJ | 4.98 |
| VIPRE Antivirus | Threat.4150696 | 35418 |

File size:
118 KB (120,800 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hdtubev1.6v15.12\uninstall.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 1:00:00 AM

Valid to:
11/18/2015 12:59:59 AM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/15/2014 12:04:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:MMDCgIxRhRIMlnWAjfMGD6zdv/mlcqSDDeYcFLF1sWjcdK98+UqbXc:d2hqJ2fNbxS/OLY+8+UqLc

Entry address:
0x8A3C

Entry point:
E8, D0, 66, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 40, B2, 41, 00, E8, 1E, 0A, 00, 00, E8, 97, 3C, 00, 00, 0F, B7, F0, 6A, 02, E8, 63, 66, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 44, 60, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
82.5 KB (84,480 bytes)

Program Uninstaller
Program name:
HDtubeV1.6V15.12

Display publisher:
HDTubeV15.12

Display version:
1.35.11.26

Uninstall string:
C:\Program Files (x86)\HDtubeV1.6V15.12\Uninstall.exe /fcp=1

