home

8583.exe

NightWish Center (Bright Circle Investments Ltd)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application 8583.exe by NightWish Center (Bright Circle Investments) has been detected as adware by 20 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
NightWish Center (Bright Circle Investments Ltd)  (signed and verified)

Version:
104.0.0.0

MD5:
7f5db0d676fd5c7c39add0488a81bb58

SHA-1:
d11ed9a70c895de1effc41928eeac7a87ee4bd74

SHA-256:
d2d4735cb594411522b9e38c7fb4b55fc69c6bf051a1aa24cb4c52da66fb0730

Scanner detections:
20 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
4/22/2025 12:12:16 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.82389
6309470

AhnLab V3 Security
PUP/Win32.CrossRider
2015.04.01

Avira AntiVirus
ADWARE/Adware.Gen
3.6.1.96

avast!
Win32:Crossrider-DU [PUP]
2014.9-150329

AVG
Win32/DH{gRITfWUDICIlV04A}
2016.0.3155

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.1542

Bitdefender
Gen:Variant.Strictor.82389
1.0.20.440

Comodo Security
ApplicUnwnt
21607

Emsisoft Anti-Malware
Gen:Variant.Strictor.82389
9.0.0.4799

ESET NOD32
Win32/Toolbar.CrossRider.BM potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/CrossRider
4/2/2015

F-Secure
Gen:Variant.Strictor.82389
5.13.68

G Data
Gen:Variant.Strictor.82389
15.3.25

herdProtect (fuzzy)
variant of utility.exe (Adware)
2015.7.3.19

Kaspersky
HEUR:Trojan-Downloader.Win32.Generic
14.0.0.2272

MicroWorld eScan
Gen:Variant.Strictor.82389
16.0.0.264

Reason Heuristics
Adware.BrightCircle.NightWishCenterBrightCircleInvestments
15.4.11.23

Sophos
Generic PUA EJ
4.98

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.4789396
38552

File size:
1.7 MB (1,819,104 bytes)

Product version:
104.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\8583.exe

Digital Signature
Signed by:
NightWish Center (Bright Circle Investments Ltd)

Authority:
COMODO CA Limited

Valid from:
12/16/2014 12:00:00 AM

Valid to:
12/16/2015 11:59:59 PM

Subject:
CN=NightWish Center (Bright Circle Investments Ltd), O=NightWish Center (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B30349E6AD66949988B51360F031BFB4

File PE Metadata
Compilation timestamp:
3/25/2015 5:19:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:Td9zuD1k9KOEBGlW5SeYyBoaTXpSkLQ77Jz4nmeXtn:p9W1xIW59YyBodA

Entry address:
0x119810

Entry point:
E8, D2, 10, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, A4, 6D, 5A, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, AE, 59, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, A4, 6D, 5A, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00...
 
[+]

Entropy:
6.6317

Code size:
1.3 MB (1,317,888 bytes)

Remove 8583.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.