9322.exe

NightWish Center (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application 9322.exe by NightWish Center (Bright Circle Investments) has been detected as adware by 29 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory and is distributed as part of the Brightcircle group of browser extensions.
Publisher:

Version:
104.0.0.0

MD5:
b7efc56e38d01f39b4bcdef23a54f3a7

SHA-1:
5fde4c00117810699264759cc0398063b2585692

SHA-256:
ed6a67ef06f3f0d96e9cd37f4d91eb2f6beee8df7b8f2001cbc09051fdc17837

Scanner detections:
29 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Analysis date:
4/18/2025 8:57:46 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Generic.1222702 | 638 |
| AhnLab V3 Security | PUP/Win32.CrossRider | 2015.04.07 |
| Avira AntiVirus | ADWARE/Adware.Gen | 3.6.1.96 |
| avast! | Win32:Malware-gen | 2014.9-150507 |
| AVG | Win32/DH{gRITfWUDICIlV04A} | 2016.0.3116 |
| Baidu Antivirus | Adware.Win32.CrossAd | 4.0.3.1557 |
| Bitdefender | Adware.Generic.1222702 | 1.0.20.635 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Crossrider-242 | 0.98/21511 |
| Comodo Security | ApplicUnwnt | 21926 |
| Dr.Web | Trojan.Crossrider1.25393 | 9.0.1.0127 |
| Emsisoft Anti-Malware | Adware.Generic.1222702 | 8.15.05.07.06 |
| ESET NOD32 | Win32/Toolbar.CrossRider.CH potentially unwanted (variant) | 9.11436 |
| Fortinet FortiGate | W32/Generic.CH!tr.dldr | 5/7/2015 |
| F-Secure | Adware.Generic.1222702 | 11.2015-07-05_5 |
| G Data | Adware.Generic.1222702 | 15.5.25 |
| herdProtect (fuzzy) | | 2015.8.5.19 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.2076 |
| McAfee | Artemis!78EAEE6B9F99 | 5600.6772 |
| MicroWorld eScan | Adware.Generic.1222702 | 16.0.0.381 |
| NANO AntiVirus | Trojan.Win32.Crossrider1.dqjhpi | 0.30.24.1357 |
| Panda Antivirus | Trj/Genetic.gen | 15.05.07.06 |
| Reason Heuristics | Adware.BrightCircle.NightWishCenterBrightCircleInvestments | 15.5.7.14 |
| Sophos | Generic PUA NE | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047C0EDF15 | 7.2.127 |
| Trend Micro | TROJ_GEN.R047C0EDF15 | 10.465.07 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Crossrider | 39136 |
| Zillya! Antivirus | Adware.CrossRider.Win32.5421 | 2.0.0.2157 |

File size:
1.7 MB (1,819,104 bytes)

Product version:
104.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\9322.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 1:00:00 AM

Valid to:
12/17/2015 12:59:59 AM

Subject:
CN=NightWish Center (Bright Circle Investments Ltd), O=NightWish Center (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B30349E6AD66949988B51360F031BFB4

File PE Metadata
Compilation timestamp:
3/25/2015 6:19:54 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:dd9zuD1k9KOEBGlW5SeYyBoaTXpSkLQ47Jz4nmeXtQ:n9W1xIW59YyBod0

Entry address:
0x119810

Entry point:
E8, D2, 10, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, A4, 6D, 5A, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 48, AE, 59, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, A4, 6D, 5A, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00...
 

Code size:
1.3 MB (1,317,888 bytes)
