ygob.exe

HQ Cinema Video 1.8V14.12

BadFinger Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install further unwanted software. The application ygob.exe, described as "HQ Cinema Video 1.8V14.12 exe" by BadFinger Project (BrightCircle Investments Limited), has been detected as adware by 21 of 68 anti-malware scanners. It persists as a scheduled task under the Windows Task Scheduler with a logon trigger, so it executes each time a user logs in. It is built on the Crossrider cross-browser extension platform; while the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is distributed as part of the BrightCircle group of browser extensions.
Publisher:
HQ VideoV14.12 (signed by BadFinger Project (BrightCircle Investments Limited))

Product:
HQ Cinema Video 1.8V14.12

Description:
HQ Cinema Video 1.8V14.12 exe

Version:
1000.1000.1000.1000

MD5:
e50a440353e4380f9e95916f38070889

SHA-1:
a2417e4be149af9f2bd1399992d8f5307d9782aa

SHA-256:
b9bbaf21b8e82c875a38f88a11a4bd76ffa866a92c5e8856fc05a133eb656122

Scanner detections:
21 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed under the BrightCircle Investments brand.

Analysis date:
4/16/2024 9:14:37 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Heur.tv1@kiDMNimO | 6127378
Avira AntiVirus | ADWARE/CrossRider.Gen4 | 7.11.195.194
avast! | Win32:Adware-gen [Adw] | 141214-1
AVG | Generic | 2015.0.3260
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.141219
Bitdefender | Gen:Application.Heur.tv1@kiDMNimO | 1.0.20.1745
Dr.Web | Trojan.Crossrider.47274 | 9.0.1.0353
Emsisoft Anti-Malware | Gen:Application.Heur.tv1@kiDMNimO | 9.0.0.4668
ESET NOD32 | Win32/Toolbar.CrossRider.BM potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Adware/Adwapper | 12/19/2014
F-Secure | Riskware.Gen:Application.Heur.tv1@kiDMNimO | 5.13.68
G Data | Gen:Application.Heur.tv1@kiDMNimO | 14.12.24
IKARUS anti.virus | PUA.Toolbar.CrossRider | t3scan.1.8.5.0
Kaspersky | not-a-virus:AdWare.NSIS.Adwapper | 15.0.0.543
Malwarebytes | (detection name not listed) | v2014.12.15.09
MicroWorld eScan | Gen:Application.Heur.tv1@kiDMNimO | 15.0.0.1047
Norman | Gen:Application.Heur.tv1@kiDMNimO | 04.12.2014 14:30:06
Panda Antivirus | Generic Suspicious | 14.12.15.09
Qihoo 360 Security | Win32/Application.BO.6ee | 1.0.0.1015
Reason Heuristics | Adware.BrightCircle.Task.E | 14.12.15.8
Sophos | Generic PUA HA | 4.98

File size:
1.3 MB (1,375,712 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HQ Cinema Video 1.8V14.12.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\ygob.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 8:00:00 AM

Valid to:
11/18/2015 7:59:59 AM

Subject:
CN=BadFinger Project (BrightCircle Investments Limited), O=BadFinger Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6623FAFCAC357577A31D90C1E567E9A7

File PE Metadata
Compilation timestamp:
12/14/2014 1:04:52 PM

OS version:
5.1 (minimum required OS version in the PE header; 5.1 corresponds to Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:VqZGi3O2z4dQrG65GToZqvaG4Zx9762sjNImnx5jPxD44fTgFUJydpSMVi/TPvZR:Vq8F2coM2UaXhsTnVD9fTSgydpSMVi/D

Entry address:
0xD1ABB

Entry point:
E8, C7, E4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, FA, E5, 00, 00, 3B, 30, 7C, 07, E8, F1, E5, 00, 00, 8B, 30, E8, E4, E5, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, 99, 43, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 20, 32, 53, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 72, 2D, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 20, 32, 53, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 9C, D2...

Entropy:
6.6876

Code size:
985.5 KB (1,009,152 bytes)

Scheduled Task
Task name:
YGOB

Trigger:
Logon (Runs on logon)
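The indicators this report lists (the per-user drop path, the SHA-256, the signer certificate and the logon-triggered task) can be checked on a Windows host with the PowerShell below. It is an added example, not part of this report and not Reason Core Security's own tooling. It assumes the ScheduledTasks module (Windows 8 / Server 2012 or later) and an elevated prompt for the removal step; the function name Get-YgobFindings and its -Remove switch are this example's own. Two design points: it matches the signer by the certificate's subject and serial number rather than by the Status returned from Get-AuthenticodeSignature, because that certificate expired on 11/18/2015 and no longer validates as current; and it matches tasks by the executable they launch as well as by the name YGOB, on the assumption (not stated by the report) that the task name may differ between installs.

```powershell
# Added example (not from the original report): hunt for the artefacts listed
# above on a Windows host and, on request, remove them.
# Assumptions: ScheduledTasks module available; elevated prompt for -Remove.
# All indicator values below are copied from the report.

$Sha256        = 'b9bbaf21b8e82c875a38f88a11a4bd76ffa866a92c5e8856fc05a133eb656122'
$SignerSubject = 'BadFinger Project (BrightCircle Investments Limited)'
$SignerSerial  = '6623FAFCAC357577A31D90C1E567E9A7'
$TaskName      = 'YGOB'
$FileName      = 'ygob.exe'

function Get-YgobFindings {
    param([switch]$Remove)   # hypothetical switch, this example's own

    $findings = [System.Collections.Generic.List[object]]::new()

    # 1. The drop location is per-user (C:\users\{user}\appdata\roaming), so
    #    check every profile's AppData\Roaming, not only the current user's.
    $profiles = Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue
    foreach ($p in $profiles) {
        $path = Join-Path $p.FullName "AppData\Roaming\$FileName"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $cert = $sig.SignerCertificate

        # Same publisher certificate as the sample (any build signed with it);
        # the SHA-256 comparison is what identifies this exact sample.
        $signerMatch = ($null -ne $cert) -and ($cert.Subject -like "CN=$SignerSubject*") -and ($cert.SerialNumber -eq $SignerSerial)

        $findings.Add([pscustomobject]@{
            Type        = 'File'
            Path        = $path
            Sha256Match = ($hash -eq $Sha256)
            SignerMatch = $signerMatch
            SigStatus   = $sig.Status   # cert expired 11/18/2015, so not 'Valid' today
        })

        if ($Remove) {
            # The task launches the binary at logon, so it may be running.
            Stop-Process -Name ($FileName -replace '\.exe$','') -Force -ErrorAction SilentlyContinue
            Remove-Item -LiteralPath $path -Force
        }
    }

    # 2. Persistence: the logon-triggered scheduled task. Match on the action's
    #    executable as well as the task name, in case the name varies per install.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        $runsFile = $task.Actions | Where-Object { $_.Execute -like "*$FileName" }
        if (-not $runsFile -and $task.TaskName -ne $TaskName) { continue }

        $logon = $task.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' }

        $findings.Add([pscustomobject]@{
            Type         = 'ScheduledTask'
            Path         = $task.TaskPath + $task.TaskName
            Executes     = ($task.Actions | ForEach-Object { $_.Execute }) -join '; '
            LogonTrigger = [bool]$logon
        })

        if ($Remove) {
            Unregister-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -Confirm:$false
        }
    }

    return $findings
}

# Report first; rerun with -Remove from an elevated prompt once findings are confirmed.
Get-YgobFindings | Format-Table -AutoSize
```

Run it without -Remove first and review the output. A file with SignerMatch true but Sha256Match false is another binary signed with the same BrightCircle certificate, not this sample; treat it as a separate finding rather than assuming it is benign, since a valid-looking Authenticode signature is not evidence of benign behaviour (the scanners above flag this file regardless of its signature).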


Remove ygob.exe - Powered by Reason Core Security