» winservice86-bg.exe
Overview
Analysis
File Details
Programs (1)

winservice86-bg.exe

winservice86

Berta Brid Eco

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application winservice86-bg.exe by Berta Brid Eco has been detected as adware by 13 anti-malware scanners. This file is typically installed with the program winservice86 by Monkey Code Lab which is a potentially unwanted software program. Part of the Corssrider web browser platform, the BG executable is a background process that manage various function of the installed extensions in user's browser including managing installation, updates and remote code downloads. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

winservice86-bg.exe

Publisher:

Corporate Inc (signed by Berta Brid Eco)

Product:

winservice86

Description:

winservice86 exe

Version:

1000.1000.1000.1000

MD5:

d729fe0467ea52f7b299dc80276e35fb

SHA-1:

76c17025f86cfa31433e10aaff17727e794ffa82

SHA-256:

1dec39a0ae9c0738ae35d089dcdae64fe07a8865dabdc4c2eb406e78f2c29493

Scanner detections:

13 / 68

Status:

Adware

Explanation:

The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:

Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Berta Brid Eco.

Analysis date:

4/26/2024 2:50:28 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-PUP/CrossRider

2014.10.25

Avira AntiVirus

ADWARE/CrossRider.Gen7

7.11.181.44

AVG

Berta

2015.0.3311

Baidu Antivirus

PUA.Win32.CrossRider

4.0.3.141025

Dr.Web

Trojan.Crossrider.33352

9.0.1.05190

ESET NOD32

Win32/Toolbar.CrossRider.AL potentially unwanted application

7.0.302.0

Malwarebytes

PUP.Optional.WinService.A

v2014.10.25.07

NANO AntiVirus

Trojan.Win32.GoogUpdate.dfhwcw

0.28.2.62841

Reason Heuristics

PUP.Crossrider.BertaBridEco.P

14.10.25.7

Rising Antivirus

PE:Malware.Obscure!1.9C59

23.00.65.141023

Vba32 AntiVirus

Trojan.GoogUpdate

3.12.26.3

VIPRE Antivirus

Threat.4789396

34232

Zillya! Antivirus

Trojan.GoogUpdate.Win32.3332

2.0.0.1966

File size:

561.4 KB (574,872 bytes)

Product version:

1000.1000.1000.1000

Original file name:

winservice86.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\winservice86\winservice86-bg.exe

Digital Signature

Signed by:

Berta Brid Eco

Authority:

COMODO CA Limited

Valid from:

8/14/2014 2:00:00 AM

Valid to:

8/15/2015 1:59:59 AM

Subject:

CN=Berta Brid Eco, O=Berta Brid Eco, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00EF48FE90F98CEC7AF0FDEECC0B376D44

File PE Metadata

Compilation timestamp:

9/17/2014 7:39:47 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:J+pLzAkGr+reAxL0iP1xUUp+xaOiXakemG5OQRmI4Q/WwKuTBoEsd5ijWS:SreAxL0iPzo8aoG5OQRgRjuTeE6u

Entry address:

0x4B878

Entry point:

E8, 5F, CC, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, 59, 48, 00, E8, 52, 49, 00, 00, E8, C6, 1C, 00, 00, 0F, B7, F0, 6A, 02, E8, F2, CB, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 70, 51, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Code size:

438 KB (448,512 bytes)

The file winservice86-bg.exe has been discovered within the following program.

winservice86 by Monkey Code Lab

80% remove it

Remove winservice86-bg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.