uninstallbrw.exe

HD Cinema Plus 1.8V23.02

CR7 Team (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application uninstallbrw.exe, “HD Cinema Plus 1.8V23.02 exe” by CR7 Team (Bright Circle Investments), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-85-74-212.lhr3.r.cloudfront.net on port 80 using the HTTP protocol. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
HD PlusV23.02 (signed by CR7 Team (Bright Circle Investments Ltd))

Product:
HD Cinema Plus 1.8V23.02

Description:
HD Cinema Plus 1.8V23.02 exe

Version:
1000.1000.1000.1000

MD5:
03d1b27ee4cc6724f48547f27b7660f8

SHA-1:
ae987914488b53984b7adc73cb28ea9a5d9ad1c6

SHA-256:
78b7d07a0431f13cf5cc0901d8ca623acaf887a56802d6cff643962e5e4c68c4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 5:02:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.BrightCircle.CR7TeamBrightCircleInvestments.Installer (M)

Engine version:
16.2.3.2

File size:
1.1 MB (1,181,136 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HD Cinema Plus 1.8V23.02.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\hd cinema plus 1.8v23.02\uninstallbrw.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 1:00:00 AM

Valid to:
12/17/2015 12:59:59 AM

Subject:
CN=CR7 Team (Bright Circle Investments Ltd), O=CR7 Team (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FBFD4A5FBC2F4538E5DF7603F1B0A48C

File PE Metadata
Compilation timestamp:
2/23/2015 12:05:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:b76rBQxGa0iUxxzzDECDBTrTSksGQc/OirKuYm0TGpSC4fckU+7xACnt7p/q3akF:SrCB0FVECDBOkzrDYLTGpSCCJU+7xACu

Entry address:
0x9331D

Entry point:
E8, AE, FE, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 58, 69, 50, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 31, 50, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 58, 69, 50, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...

Code size:
737 KB (754,688 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-51-158.jfk5.r.cloudfront.net  (54.230.51.158:80)

TCP (HTTP):
Connects to server-52-85-74-75.lhr3.r.cloudfront.net  (52.85.74.75:80)

TCP (HTTP):
Connects to server-52-85-74-219.lhr3.r.cloudfront.net  (52.85.74.219:80)

TCP (HTTP):
Connects to server-52-85-74-152.lhr3.r.cloudfront.net  (52.85.74.152:80)

TCP (HTTP):
Connects to server-52-85-74-212.lhr3.r.cloudfront.net  (52.85.74.212:80)

TCP (HTTP):
Connects to server-52-85-63-77.lhr50.r.cloudfront.net  (52.85.63.77:80)

TCP (HTTP):
Connects to server-52-85-63-75.lhr50.r.cloudfront.net  (52.85.63.75:80)

TCP (HTTP):
Connects to server-52-85-63-172.lhr50.r.cloudfront.net  (52.85.63.172:80)

Remove uninstallbrw.exe - Powered by Reason Core Security