hqvideo-fr-testinstaller.exe

Baggio Technologies (BrightCircle Investments Limited)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application hqvideo-fr-testinstaller.exe by Baggio Technologies (BrightCircle Investments Limited) has been detected as adware by 14 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. It is distributed as part of the Brightcircle group of browser-extensions.
MD5:
afa1d2d20863cf0d10f0aa70aa7e0b0d

SHA-1:
4ee128c6e55b6fe55705011c408e60d7d5a8d7e9

SHA-256:
2708ac41b96e5438447a3896ef9804eae5967d06a9f1d5b7a6b953a752bcc480

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer. Distributed through the Brightcircle investments brand.

Analysis date:
12/24/2024 1:10:09 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OutBrowse
2015.01.03

Avira AntiVirus
TR/Dldr.Agent.126952.2
7.11.199.42

avast!
Win32:Dropper-gen [Drp]
2014.9-150103

AVG
Win32/DH
2016.0.3240

G Data
Win32.Trojan.Agent.SA4UJK
15.1.24

IKARUS anti.virus
Win32.SuspectCrc
t3scan.1.8.5.0

Kaspersky
HEUR:Trojan-Downloader.Win32.Generic
14.0.0.2695

McAfee
Artemis!AFA1D2D20863
5600.6896

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Adware.BrightCircle
15.3.1.12

Rising Antivirus
PE:Trojan.Win32.Generic.17D43AA0!399784608
23.00.65.15101

Trend Micro House Call
Suspicious_GEN.F47V1210
7.2.3

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Trojan.Win32.Generic
36330

File size:
124 KB (126,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\hqvideo-fr-testinstaller.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 1:00:00 AM

Valid to:
11/18/2015 12:59:59 AM

Subject:
CN=Baggio Technologies (BrightCircle Investments Limited), O=Baggio Technologies (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
469910CAA5B253B7B000122E7059F344

File PE Metadata
Compilation timestamp:
12/3/2014 6:16:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:FKa83Z5ZpiEGcig64TSfGjZewwvsuPIg93/LU7eg+sqcyoqa6NLsWjcdB7QNEBpF:kpiEuMTOiUPHPQqg+sp6N0BcapryjQ

Entry address:
0x6E54

Entry point:
E8, 92, 69, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, D0, 01, 32, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 2C, FA, 31, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, D0, 01, 32, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 
[+]

Code size:
81.5 KB (83,456 bytes)

The file hqvideo-fr-testinstaller.exe has been seen being distributed by the following URL.

http://95.211.82.145/file/Main/2514s(1).exe/.../

Remove hqvideo-fr-testinstaller.exe - Powered by Reason Core Security