hdflashplayer-chrome.exe

Berta Brid Eco

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application hdflashplayer-chrome.exe by Berta Brid Eco has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.hdvidcodecs.com and multiple other hosts. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
Berta Brid Eco  (signed and verified)

MD5:
8ee80bf0ccf33a5748ea992877b145aa

SHA-1:
b530b57fa32a0efbafa7e0093046f1ca58232a97

SHA-256:
79c022e0432b342c1e9c10b87f4a34006fc7731dd3ba47b01544ce00fd535504

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 2:15:41 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Brightcircle.BertaBridEco.Installer (M)
15.10.16.23

File size:
396.2 KB (405,704 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\hdflashplayer-chrome.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/13/2014 7:00:00 PM

Valid to:
8/14/2015 6:59:59 PM

Subject:
CN=Berta Brid Eco, O=Berta Brid Eco, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EF48FE90F98CEC7AF0FDEECC0B376D44

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:CvAmHLSZOhhMUJ7IpBail4PDlJv+tU5N+Z:CvFLO8T56gDlJ2tJ

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.8915

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file hdflashplayer-chrome.exe has been seen being distributed by the following 4 URLs.

Remove hdflashplayer-chrome.exe - Powered by Reason Core Security