fnwqiak.exe

CinemaHD For Pro 2.4cV24.12

Armageddon Labs (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application fnwqiak.exe, “CinemaHD For Pro 2.4cV24.12 exe” by Armageddon Labs (BrightCircle Investments Limited), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is part of the BrightCircle group of web extensions that inject advertisements into the browser.
Publisher:
Cinema HDV24.12 (signed by Armageddon Labs (BrightCircle Investments Limited))

Product:
CinemaHD For Pro 2.4cV24.12

Description:
CinemaHD For Pro 2.4cV24.12 exe

Version:
1000.1000.1000.1000

MD5:
ffe57d65fc2d62b6388b792df90ef9ac

SHA-1:
ffbaf7121cdc21eeaea894c64bf87ecc427a5e6e

SHA-256:
7bee04e58d0004bb190977beab16cb0766750d646710c708c48981cf02a8b307

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 1:56:30 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.BrightCircle (M)

Engine version:
17.3.9.5

File size:
1.7 MB (1,815,520 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
CinemaHD For Pro 2.4cV24.12.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\fnwqiak.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/1/2014 1:00:00 AM

Valid to:
12/2/2015 12:59:59 AM

Subject:
CN=Armageddon Labs (BrightCircle Investments Limited), O=Armageddon Labs (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C5692390E715129E144F950D09DA6E8A

File PE Metadata
Compilation timestamp:
12/21/2014 12:34:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0xD0664

Entry point:
E8, 66, E4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 78, 09, E8, 99, E5, 00, 00, 3B, 30, 7C, 07, E8, 90, E5, 00, 00, 8B, 30, E8, 83, E5, 00, 00, 8B, 04, B0, 5E, 5D, C3, 55, 8B, EC, 56, E8, C0, 43, 00, 00, 8B, F0, 85, F6, 75, 07, B8, 20, F2, 52, 00, EB, 26, 53, 57, 33, FF, BB, 86, 00, 00, 00, 39, 7E, 24, 75, 1B, 6A, 01, 53, E8, 69, 2D, 00, 00, 59, 59, 89, 46, 24, 85, C0, 75, 0A, B8, 20, F2, 52, 00, 5F, 5B, 5E, 5D, C3, FF, 75, 08, 8B, 76, 24, E8, 90, FF, FF, FF, 50, 53, 56, E8, 3B, D2...
 

Entropy:
6.8901

Code size:
971.5 KB (994,816 bytes)
