izfhxztmrhuhjz.exe

Bright circle investments Ltd.

This adware utilizes the Crossrider extension platform and will inject advertisiments in the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The application izfhxztmrhuhjz.exe by Bright circle investments has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Nullsoft Install System installer. It is part of the Brightcircle group of web-extensions that inject advertisements in the browser.
Publisher:
Bright circle investments Ltd.  (signed and verified)

Version:
1.34.7.1

MD5:
f9076ea6053310cfadbc2cacfdd608e1

SHA-1:
aa33fdc5d43b922694271d08ed265a867cb7bec5

SHA-256:
51267abd452e31207f84c88f3c624880a83e044c030824b2c1647c88c27b5019

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 8:03:03 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.BrightCircle (M)
17.2.26.12

File size:
7.4 MB (7,808,528 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\izfhxztmrhuhjz.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/19/2014 5:00:00 PM

Valid to:
6/20/2015 4:59:59 PM

Subject:
CN=Bright circle investments Ltd., O=Bright circle investments Ltd., STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4347D0F2AD67F1767C932B3BFBEA7713

File PE Metadata
Compilation timestamp:
12/4/2012 5:55:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Entropy:
7.9984  (probably packed)

Code size:
34.5 KB (35,328 bytes)

Remove izfhxztmrhuhjz.exe - Powered by Reason Core Security