ashampoo_anti-virus_2014_v1.05_[superrubens].exe

Berta Brid Eco

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application ashampoo_anti-virus_2014_v1.05_[superrubens].exe by Berta Brid Eco has been detected as adware by 6 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (selected by the user's geographical location), including toolbars, extensions and coupon utilities. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.

Publisher:
Berta Brid Eco  (signed and verified)

MD5:
62473573f49e015d0ea54a1e1ba48d68

SHA-1:
d664e5c81091dd3015473c94fb77d8a664f6ef1b

SHA-256:
ff077caba46db79a27647473f03c03cb9f7099ea23fe8e5e0729521eedb141ce

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
6/16/2024 9:21:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | APPL/CoolMirage.Gen | 7.11.168.138 |
| G Data | NSIS.Application.OneClickDownloader | 14.8.24 |
| Malwarebytes | PUP.Optional.OneClickDownloader.A | v2014.08.21.08 |
| Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.BertaBridEco.l | 14.8.25.1 |
| Sophos | FT Downloader | 4.98 |

File size:
418.8 KB (428,832 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\ashampoo_anti-virus_2014_v1.05_[superrubens].exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/14/2014 12:00:00 AM

Valid to:
8/14/2015 11:59:59 PM

Subject:
CN=Berta Brid Eco, O=Berta Brid Eco, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EF48FE90F98CEC7AF0FDEECC0B376D44

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:hKHWsv3WOUEMdLVwAu1DKSi0+glCM7+xuB6gZ:wRPZUjKRDKSi0+mCYt

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file ashampoo_anti-virus_2014_v1.05_[superrubens].exe has been seen being distributed by the following 13 URLs.

http://www.torntv-dl.net/.../Go_Goa_Gone_2013_Hindi_DvDScr_XviD_AC3_xRG.exe

http://www.torntv-dl.net/.../Noe[2014]DVDRip_FRENCH_XviD[www_Cpasbien_me].exe

http://www.torntv-dl.net/.../Gomorra_-_La_serie_-_stagione_1_completa_-_ITA.exe

http://www.torntv-dl.net/.../Dino_Run_MAC_zip.exe

http://www.torntv-dl.net/.../YourDownload.exe