setup.exe

ColoColo Apps (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application setup.exe by ColoColo Apps (Bright Circle Investments) has been detected as adware by 18 anti-malware scanners. It is typically executed from the user's temporary directory. The file has been seen being downloaded from dl.ourclientinputsrv.com. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:

MD5:
33a96ba863c5924cb91f16c3c5f70315

SHA-1:
a6f54ca5a4b2d0d66655ad1234b758020b6e95a4

SHA-256:
24ca9f8e41a61ede9855238bfb58eb3c2663e0373854ea59890905057acdd0de

Scanner detections:
18 / 68

Status:
Adware

Explanation:
May modify the web browser's settings, including changing the homepage and search provider, in addition to delivering ads (by injecting banners and text links directly into the webpage). Distributed under the Bright Circle Investments brand.

Analysis date:
4/26/2024 4:04:23 PM UTC

Scan engine | Detection | Engine version
----------- | --------- | --------------
Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.173350 | 700
Avira AntiVirus | ADWARE/CrossRider.Gen4 | 7.11.205.178
AVG | Generic | 2016.0.3178
Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.1536
Bitdefender | Gen:Variant.Adware.Graftor.173350 | 1.0.20.325
Comodo Security | Application.Win32.CrossRider.KI | 20967
Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.173350 | 8.15.03.06.10
ESET NOD32 | Win32/Toolbar.CrossRider.BX potentially unwanted (variant) | 9.11126
Fortinet FortiGate | Riskware/CrossRider | 3/6/2015
F-Prot | W32/S-c9e4d41b | v6.4.7.1.166
F-Secure | Gen:Variant.Adware.Graftor.173350 | 11.2015-06-03_6
G Data | Gen:Variant.Adware.Graftor.173350 | 15.3.25
K7 AntiVirus | Unwanted-Program | 13.193.14867
Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.2572
MicroWorld eScan | Gen:Variant.Adware.Graftor.173350 | 16.0.0.195
Qihoo 360 Security | Win32/Virus.Adware.de5 | 1.0.0.1015
Reason Heuristics | Adware.BrightCircle.Installer | 15.2.10.11
VIPRE Antivirus | Threat.4789396 | 36694

File size:
200 KB (204,760 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/15/2014 6:00:00 PM

Valid to:
12/16/2015 5:59:59 PM

Subject:
CN=ColoColo Apps (Bright Circle Investments Ltd), O=ColoColo Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D815C7CD687694A6F4119A3535D31D7A

File PE Metadata
Compilation timestamp:
1/27/2015 11:07:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:59CXLCVetU+Qg6fvs1C8/ehoraNUX/PKf:59CXL065b6D

Entry address:
0x12204

Entry point:
E8, AD, 6A, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 54, 26, 33, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 11, 33, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 54, 26, 33, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...

Entropy:
6.5642

Code size:
149.5 KB (153,088 bytes)

The file setup.exe has been seen being distributed by the following URL.