plus-hd-v1.5-nova.exe

Bright circle investments Ltd.

This adware utilizes the Crossrider extension platform and will inject advertisiments in the Internet browser and may modify core browser settings. Ads will be delivered as banners and contextual text-links and may promote other potentially unwanted software. The application plus-hd-v1.5-nova.exe by Bright circle investments has been detected as adware by 30 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. While running, it connects to the Internet address ip-50-63-202-55.ip.secureserver.net on port 80 using the HTTP protocol. It is distributed as part of the Brightcircle group of browser-extensions.
Publisher:
Plus-HD-V1.5  (signed by Bright circle investments Ltd.)

Product:
Plus-HD-V1.5

Description:
Plus-HD-V1.5 exe

Version:
1000.1000.1000.1000

MD5:
3eb900cd9b18402fbd5942c6648c702f

SHA-1:
ae91256d3c6b32f99fda40334673040509c7596b

SHA-256:
a81380e536c8cc339fc5828237dfe685236eff1c1bf47d909a00883a4f9cbf1a

Scanner detections:
30 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage). Distributed through the Brightcircle investments brand.

Analysis date:
11/2/2024 9:19:58 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.957590
925

Agnitum Outpost
PUA.AdLoad
7.1.1

AhnLab V3 Security
PUP/Win32.Toolbar
2014.07.12

Avira AntiVirus
Adware/CrossRider.A.11566
7.11.160.46

avast!
Win32:Adware-gen [Adw]
140617-1

AVG
Adware Generic_r.PP
2014.0.3986

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.14724

Bitdefender
Adware.Generic.957590
1.0.20.1025

Bkav FE
W32.CrossRiderD.Adware
1.3.0.4959

Clam AntiVirus
Win.Adware.Plush-35
0.98/19168

Comodo Security
ApplicUnwnt
18844

Emsisoft Anti-Malware
Adware.Generic.957590
8.14.07.24.03

ESET NOD32
Win32/Toolbar.CrossRider.AE potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/Toolbar_CrossRider
7/24/2014

F-Prot
W32/A-7d811582
v6.4.7.1.166

F-Secure
Adware.Generic.957590
11.2014-24-07_5

G Data
Adware.Generic.957590
14.7.24

IKARUS anti.virus
AdWare.CrossRider
t3scan.1.6.1.0

K7 AntiVirus
Trojan
13.180.12701

Malwarebytes
PUP.Optional.iWebar.A
v2014.08.04.12

McAfee
RDN/Generic PUP.x!cgr
5600.7059

MicroWorld eScan
Adware.Generic.957590
15.0.0.615

NANO AntiVirus
Riskware.Win32.CrossRider.dbkrkz
0.28.0.60698

Panda Antivirus
Trj/Genetic.gen
14.07.24.03

Qihoo 360 Security
Win32/Virus.Adware.15b
1.0.0.1015

Reason Heuristics
PUP.Task.Brightcircleinvestments.Q
14.7.17.9

Sophos
AppRider
4.98

Trend Micro House Call
Suspicious_GEN.F47V0622
7.2.205

Vba32 AntiVirus
AdWare.AdLoad
3.12.26.3

VIPRE Antivirus
Threat.4789396
31208

File size:
630.5 KB (645,616 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2016

Original file name:
Plus-HD-V1.5.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\plus-hd-v1.5\plus-hd-v1.5-nova.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/19/2014 1:00:00 AM

Valid to:
6/20/2015 12:59:59 AM

Subject:
CN=Bright circle investments Ltd., O=Bright circle investments Ltd., STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EF90FEF9AC8E258E5D30D0E08C84D37E

File PE Metadata
Compilation timestamp:
6/19/2014 11:08:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:u4XsIUMXVkO7GmFOXFCxZcT+lIeaTQN3ZQnCApTcMmdwuXF/vgb:tzUNVFT+lrdZiCMT3ywuXF0

Entry address:
0x4A379

Entry point:
E8, 55, DF, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 90, 39, 48, 00, E8, E1, 4E, 00, 00, E8, 9D, 29, 00, 00, 0F, B7, F0, 6A, 02, E8, E8, DE, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 3B, 67, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
451 KB (461,824 bytes)

Scheduled Task
Task name:
1a865e51-8d7f-47ac-a7cc-49d250e98ec8-7

Trigger:
Logon (Runs on logon)

Action:
plus-hd-v1.5-nova.exe \tslqtz='plus-hd-v1.5' \sxvls=59562 \sxpxq='001690


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-53.ip.secureserver.net  (184.168.221.53:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to ip-50-63-202-55.ip.secureserver.net  (50.63.202.55:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.120.145:80)

Remove plus-hd-v1.5-nova.exe - Powered by Reason Core Security