330117338e3e80ae0b00b3070d5c13328559f94410a740f851784cf7f628ecf3

Porter Studio Plus

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The file 330117338e3e80ae0b00b3070d5c13328559f94410a740f851784cf7f628ecf3, published by Porter Studio Plus, has been detected as adware by 12 of the 68 anti-malware scanners listed below. The program is a setup application built with the Nullsoft Install System (NSIS) installer and uses the Crossrider cross-browser extension toolkit. Although the file relies on the Crossrider framework and delivery services, it is not owned by Crossrider; it belongs to the Brightcircle group of web extensions that inject advertisements into the browser. Two details below are worth noting when triaging similar samples: the installer carries a valid COMODO-issued code-signing certificate in the name of Porter Studio Plus, which attests only to the signer's identity and not to the behaviour of the code, and the version-info fields (publisher, description, copyright, trademark) hold random-looking strings that do not match the signer, a pattern common to mass-generated installer variants.
Publisher:
Fghggim & co. (signed by Porter Studio Plus)

Description:
Qzipjgloz

Version:
22.9.9.20

MD5:
ac80ba252e583c3dafa4689fde21d145

SHA-1:
a84b0f925329a7dc171919c1ffa5a03d6f0d1dfc

SHA-256:
330117338e3e80ae0b00b3070d5c13328559f94410a740f851784cf7f628ecf3

Scanner detections:
12 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
12/25/2024 4:59:51 PM UTC

Scan engine            Detection                                  Engine version
Avira AntiVirus        TR/Agent.11517200                          7.11.183.170
AVG                    Generic                                    2016.0.3088
Clam AntiVirus         Win.Trojan.Crossrider-36                   0.98/21411
ESET NOD32             Win32/Toolbar.CrossRider.BM (variant)      9.10686
IKARUS anti.virus      PUA.ScrambleWrapper                        t3scan.1.8.3.0
K7 AntiVirus           Trojan                                     13.185.13943
Kaspersky              Trojan.NSIS.GoogUpdate                     14.0.0.1935
Malwarebytes           (detection name not listed)                v2015.06.04.11
McAfee                 Artemis!AC80BA252E58                       5600.6744
NANO AntiVirus         Riskware.Nsis.Adwrapper.dgzfbk             0.28.6.62995
Reason Heuristics      PUP.Brightcircle.Installer                 15.6.4.23
Vba32 AntiVirus        Trojan.GoogUpdate                          3.12.26.3

File size:
11 MB (11,517,200 bytes)

Copyright:
Copyright Fegls

Trademarks:
Xknfyjy is a trademark of Enkdywckpibtu

Installer:
Nullsoft Install System

Language:
Language Neutral

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/20/2014 2:00:00 AM

Valid to:
10/21/2015 1:59:59 AM

Subject:
CN=Porter Studio Plus, O=Porter Studio Plus, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B7BA41CFBA8D50AF9A2A64362C08FA91

File PE Metadata
Compilation timestamp:
12/4/2012 2:55:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:PpT2JdhH3YK2KkkbpTTACufJpxbwPSiuoeFbatk0hit6GnFzHNEyOVKYrDcSi+cR:Pp6tIK3kkx4fJp/seMitrFI/r12x

Entry address:
0x412D

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 73, 45, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 74, 45, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 74, 45, 00, 56, A3, F4, E7, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, E8, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 74, 45, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...

Entropy:
7.9994 (probably packed). For an NSIS installer, entropy this close to the 8.0 maximum is expected: most of the file is the compressed payload archive that the NSIS stub unpacks at run time, so the figure reflects compression and does not by itself indicate an executable packer.

Code size:
33.5 KB (34,304 bytes)
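
The following script is an added triage example, not code from the page or from any of the vendors listed above. It re-verifies what the report states about the sample: it recomputes the MD5, SHA-1 and SHA-256 digests and compares them with the listed values, measures Shannon entropy (the report's 7.9994), reads the compile timestamp, linker version and entry-point RVA from the PE headers, translates the RVA 0x412D to a file offset through the section table, checks that the bytes there begin with the listed entry-point prefix, and looks for the NSIS first-header signature (0xDEADBEEF followed by "NullsoftInst") as a heuristic for an NSIS stub. Because the real file is not available here, the script embeds a constructed minimal PE whose header fields mirror the report; pass a path on the command line to run it against an actual sample.

```python
"""Offline triage for the sample above: recompute the listed hashes, measure
Shannon entropy, read the PE fields the report shows (compile timestamp,
linker version, entry point RVA) and check the leading entry-point bytes.
Usage: python triage.py [path]   (without a path, a constructed sample is used)."""
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone
from typing import Optional

# Values copied from the report above.
REPORTED_HASHES = {
    "md5": "ac80ba252e583c3dafa4689fde21d145",
    "sha1": "a84b0f925329a7dc171919c1ffa5a03d6f0d1dfc",
    "sha256": "330117338e3e80ae0b00b3070d5c13328559f94410a740f851784cf7f628ecf3",
}
# First 12 entry-point bytes from the report:
# push ebp / mov ebp,esp / push edi / push esi / push ebx / sub esp,0x1AC
REPORTED_ENTRY_PREFIX = "55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00"
# Signature of the NSIS "first header" that precedes the compressed payload.
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"


def parse_hex_list(text: str) -> bytes:
    """Turn the report's 'AA, BB, ...' listing into bytes (a trailing '...' is ignored)."""
    return bytes(int(t, 16) for t in text.replace("...", "").split(",") if t.strip())


def compare_hashes(data: bytes, reported=REPORTED_HASHES) -> dict:
    """True per algorithm when the recomputed digest equals the reported one."""
    return {algo: hashlib.new(algo, data).hexdigest() == value.lower()
            for algo, value in reported.items()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; the report's 7.9994 is near the maximum."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_metadata(data: bytes) -> Optional[dict]:
    """Minimal PE32 parse: compile time, linker version, entry RVA and the
    entry point's file offset (RVA translated through the section table)."""
    if data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    nsect, stamp = struct.unpack_from("<HI", data, coff + 2)   # NumberOfSections, TimeDateStamp
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]     # SizeOfOptionalHeader
    opt = coff + 20
    major, minor = struct.unpack_from("<BB", data, opt + 2)     # MajorLinkerVersion, MinorLinkerVersion
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint
    entry_off = None
    for i in range(nsect):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            entry_off = rawptr + (entry_rva - vaddr)
            break
    compiled = datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
    return {"compiled": compiled, "linker": f"{major}.{minor}",
            "entry_rva": entry_rva, "entry_offset": entry_off}


def triage(data: bytes) -> dict:
    """Everything a reader of the report would want to re-verify, in one dict."""
    meta = pe_metadata(data)
    prefix = parse_hex_list(REPORTED_ENTRY_PREFIX)
    off = meta["entry_offset"] if meta else None
    return {
        "size": len(data),
        "hashes_match": compare_hashes(data),
        "entropy": round(shannon_entropy(data), 4),
        "pe": meta,
        "entry_prefix_matches": off is not None and data[off:off + len(prefix)] == prefix,
        "nsis_marker": NSIS_MARKER in data,
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in for the real installer (not the actual file): a minimal
    PE32 whose header fields and entry-point bytes mirror the report, with the
    NSIS marker embedded so the checks have something to find offline."""
    buf = bytearray(0x600)
    buf[0:2] = b"MZ"
    e_lfanew = 0x80
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    stamp = int(datetime(2012, 12, 4, 14, 55, 11, tzinfo=timezone.utc).timestamp())
    # Machine=i386, 1 section, TimeDateStamp, no symbols, 224-byte optional header
    struct.pack_into("<HHIIIHH", buf, coff, 0x14C, 1, stamp, 0, 0, 224, 0x102)
    opt = coff + 20
    struct.pack_into("<HBB", buf, opt, 0x10B, 2, 22)          # PE32 magic, linker 2.22
    struct.pack_into("<I", buf, opt + 16, 0x412D)             # AddressOfEntryPoint
    # one section: .text, VirtualAddress 0x4000, raw data at file offset 0x400
    struct.pack_into("<8sIIII", buf, opt + 224, b".text", 0x200, 0x4000, 0x200, 0x400)
    entry_off = 0x400 + (0x412D - 0x4000)
    prefix = parse_hex_list(REPORTED_ENTRY_PREFIX)
    buf[entry_off:entry_off + len(prefix)] = prefix
    buf[0x200:0x200 + len(NSIS_MARKER)] = NSIS_MARKER
    return bytes(buf)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Against the constructed sample the hashes naturally do not match; against the real file all three should, and a mismatch means you are not looking at the artifact this report describes. The entry-point check only works once the RVA has been mapped through the section table, which is why `pe_metadata` does that translation rather than reading at 0x412D directly.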

The file 330117338e3e80ae0b00b3070d5c13328559f94410a740f851784cf7f628ecf3 has been seen being distributed from the following URL.