setup.exe

Selecao Technologies (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install unwanted software. The application setup.exe by Selecao Technologies (Bright Circle Investments) has been detected as adware by 13 anti-malware scanners. It is built using the Crossrider cross-browser extension platform; although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory and has been seen being downloaded from dl.onlineinputstorage.com. It is distributed as part of the Brightcircle group of browser extensions.
Publisher:

MD5:
f5992dc3d205bec1ebe3c952ba8392fb

SHA-1:
dee3e9875cc72d5bf6f1fe61056d1201101d009a

SHA-256:
e25772c7d57f5ea249b3550143e64ccf4e01ef0ddeaa2e90aff4422f4b28ef26

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer. Distributed through the Brightcircle investments brand.

Analysis date:
4/25/2024 4:00:44 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.OutBrowse | 2015.01.25 |
| Avira AntiVirus | ADWARE/CrossRider.Gen | 7.11.204.248 |
| AVG | PSW.Agent | 2016.0.3219 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.15124 |
| Comodo Security | Application.Win32.CrossRider.KA | 20829 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BS (variant) | 9.11067 |
| IKARUS anti.virus | PUA.CrossRider | t3scan.1.8.6.0 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.2590 |
| Malwarebytes | | v2015.01.24.10 |
| Panda Antivirus | Trj/Genetic.gen | 15.01.24.10 |
| Qihoo 360 Security | Win32/Virus.WebToolbar.762 | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Brightcircle | 15.1.26.11 |
| VIPRE Antivirus | Crossrider | 36936 |

File size:
153 KB (156,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/15/2014 4:00:00 PM

Valid to:
12/16/2015 3:59:59 PM

Subject:
CN=Selecao Technologies (Bright Circle Investments Ltd), O=Selecao Technologies (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3F2791037D410A199539AA4A99F7DEB3

File PE Metadata
Compilation timestamp:
1/24/2015 3:07:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:Z0d3mlWAMWo80tjerMHNWL3Hx+vL36Evs1C8/ehoraNUXwFQPLBu:Z0pmletjS2vvs1C8/ehoraNUX4Qz

Entry address:
0x9384

Entry point:
E8, 3D, 6A, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 34, 66, 32, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 51, 32, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 34, 66, 32, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 

Entropy:
6.4755

Code size:
106 KB (108,544 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security