hdflashplayer-chrome.exe

Berta Brid Eco

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application hdflashplayer-chrome.exe by Berta Brid Eco has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.hdvidcodecs.com and multiple other hosts. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Berta Brid Eco  (signed and verified)

MD5:
713c7643d75f02a549b1b310c5a754fa

SHA-1:
f9514785c51b94740761b64a7ac3883f1c4937b5

SHA-256:
30b217fad810798ffb22c8ea45af67fef9ee1f9a8c191d3c0404928321f0fa5f

Scanner detections:
10 / 68

Status:
Adware

Explanation:
The installer bundles additional adware-type offers (ad-supported) that are displayed to the user during setup and typically installed by default. These include web browser ad-injectors. Distributed through the Brightcircle investments brand.

Analysis date:
12/25/2024 1:56:24 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/OneClick.D.7
7.11.170.222

avast!
Adware-gen [Adw]
140813-1

AVG
Could be an adware MultiBundle
2014.0.4015

Dr.Web
Threat.Undefined
9.0.1.05190

ESET NOD32
Win32/AdWare.1ClickDownload.AT
8.10367

G Data
NSIS.Adware.OneClickDownloader
14.9.24

NANO AntiVirus
Trojan.Nsis.Yotoon.deckrr
0.28.2.61942

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.BertaBridEco.U
14.9.4.14

Sophos
FT Downloader
4.98

File size:
396.2 KB (405,672 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\hdflashplayer-chrome.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/14/2014 3:00:00 AM

Valid to:
8/15/2015 2:59:59 AM

Subject:
CN=Berta Brid Eco, O=Berta Brid Eco, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EF48FE90F98CEC7AF0FDEECC0B376D44

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:QsfNfon9Bz26XF+VsXrtFjsxLIAN1NdVjlPNpc4FxBGPHzCVU6Uqvqth16yrp9:3Nfonf2qF+e7DjspxzN9AE2HzGJvGzp

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file hdflashplayer-chrome.exe has been seen being distributed by the following 7 URLs.

https://www.hdvidcodecs.com/.../marmardr.php?subid=marmarlk&sid=Z3dXVpZD00NDgzNjc4My04N2NlLTQ3MzctOTVlZC02ZGNhNmYwOTE3MDU

Remove hdflashplayer-chrome.exe - Powered by Reason Core Security