radio canyon-bg.exe

Morgan Enter Mode

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application radio canyon-bg.exe by Morgan Enter Mode has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Radio Canyon by Bright circle investments Ltd., which is a potentially unwanted software program. Part of the Crossrider web browser platform, the BG executable is a background process that manages various functions of the installed extensions in the user's browser, including managing installation, updates and remote code downloads. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Radio Canyon  (signed by Morgan Enter Mode)

Product:
Radio Canyon

Description:
Radio Canyon exe

Version:
1000.1000.1000.1000

MD5:
92d24c95df949785a971c19373b0d9c8

SHA-1:
c61ddaa0e1edadf1292ab5f26d4f9fe1fe593f34

SHA-256:
a66c0df708674234bacd7fe97b271aa9dd8defd6d72ad9d46eea9a2aa3d4ff04

Scanner detections:
1 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements. Distributed through the Brightcircle investments brand.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application. The owner/publisher of this file is Morgan Enter Mode.

Analysis date:
12/25/2024 12:07:11 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Crossrider.Brightcircle (M)

Engine version:
16.2.26.0

File size:
713.9 KB (731,040 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
Radio Canyon.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\radio canyon\radio canyon-bg.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/28/2014 3:00:00 AM

Valid to:
8/29/2015 2:59:59 AM

Subject:
CN=Morgan Enter Mode, O=Morgan Enter Mode, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00E247EA066029B70533C15792B60ED4D8

File PE Metadata
Compilation timestamp:
10/10/2014 10:37:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ZsugHX9U1sJ0vnB7PozCut+1wnIiTY9bxopZ:ZbgHX9QgIQnLT0ba7

Entry address:
0x65C6A

Entry point:
E8, 4D, CB, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, B1, 4A, 00, E8, 50, 49, 00, 00, E8, C4, 1C, 00, 00, 0F, B7, F0, 6A, 02, E8, E0, CA, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 20, 4F, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
573 KB (586,752 bytes)

The file radio canyon-bg.exe has been discovered within the following program.

Radio Canyon  by Bright circle investments Ltd.
Radio Canyon (Porter Studio Plus) is an adware program (supported by various types of advertising) that is usually bundled by third-party installers and download managers.
88% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-46.ip.secureserver.net  (184.168.221.46:80)

TCP (HTTP):
Connects to hwcdn.net  (69.16.175.42:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to geoplugin.net  (178.237.36.10:80)
