» InstAct.exe
Overview
Analysis
File Details
Programs (1)

InstAct.exe

Ziggy Networks (Bright Circle Investments Ltd)

This adware is a web browser extension that will inject advertising in the browser in the form of unwanted banners and text-links which may link to malware sites and install unwanted software. The application InstAct.exe by Ziggy Networks (Bright Circle Investments) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Doctor PC by Dragon Big Lab which is a potentially unwanted software program. It is distributed as part of the Brightcircle group of browser-extensions.

File name:

InstAct.exe

Publisher:

Ziggy Networks (Bright Circle Investments Ltd) (signed and verified)

Description:

InstAct

Version:

2.6.8.0

MD5:

c67652217d94b2d8090d6f845ff0dfa8

SHA-1:

4ee330f0f2a0233277762c49b695fa4b6671d4d7

SHA-256:

33e21c80d2a8f948298fd2150931628eb249e9f4c1b2b7194d5cf75678a46195

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/23/2024 10:22:43 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.BrightCircle (M)

16.9.2.6

File size:

17 KB (17,416 bytes)

Product version:

2.6.8.0

Original file name:

InstAct.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\roaming\doctor pc\doctor pc 2.6.8\install\bb36479\instact.exe

Digital Signature

Signed by:

Ziggy Networks (Bright Circle Investments Ltd)

Authority:

COMODO CA Limited

Valid from:

12/16/2014 7:00:00 AM

Valid to:

12/17/2015 6:59:59 AM

Subject:

CN=Ziggy Networks (Bright Circle Investments Ltd), O=Ziggy Networks (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00BBB0E0273DE6CDFEF0992B8F1F6BE5C9

File PE Metadata

Compilation timestamp:

1/19/2015 9:03:44 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

192:nAz6SFySlWI6MFwBXeoW9Z9d8eyy4TTU+MU9sw6nYe+PjPW38LWM1THtg2eH1nD:nAz6CQAF4XZCD6eyxTDM6ynYPLg85eV

Entry address:

0x403E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.0339

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

8.5 KB (8,704 bytes)

The file InstAct.exe has been discovered within the following program.

Doctor PC by Dragon Big Lab

About 57% of users remove it

Remove InstAct.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.