temp.exe

AcDc Project (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application temp.exe by AcDc Project (BrightCircle Investments Limited) has been detected as adware by 15 anti-malware scanners. It is built with the Crossrider cross-browser extension toolkit. Although the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It typically runs from the user's temporary directory. It is part of the BrightCircle group of web extensions that inject advertisements into the browser.
Publisher:

MD5:
dc5bc6a6319b4d4bbf8e3dd97c9a3423

SHA-1:
9bcd4af79093ba7ba06cdec59febbae97d751efc

SHA-256:
6f9c63354d3441e7af8db4b4610edb8fa8d058b02620ac5f0bde3e9cb8c64c27

Scanner detections:
15 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/26/2024 11:56:49 AM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/CrossRider
2015.01.11

Avira AntiVirus
ADWARE/CrossRider.Gen7
7.11.202.118

avast!
Win32:Malware-gen
2014.9-150117

AVG
Win32/DH{gRIgIiUBNgA1Tg}
2016.0.3226

Baidu Antivirus
Adware.Win32.CrossAd
4.0.3.15117

Dr.Web
Trojan.DownLoader12.8003
9.0.1.028

ESET NOD32
Win32/Toolbar.CrossRider.BS (variant)
9.10994

F-Prot
W32/S-bafd9975
v6.4.7.1.166

K7 AntiVirus
Unwanted-Program
13.191.14674

Kaspersky
not-a-virus:WebToolbar.Win32.CrossRider
14.0.0.2627

Malwarebytes
v2015.01.28.11

Panda Antivirus
Trj/Genetic.gen
15.01.17.03

Reason Heuristics
Adware.BrightCircle.BrowserExtenson
15.1.17.15

VIPRE Antivirus
Crossrider
36556

Zillya! Antivirus
Adware.CrossRider.Win32.1575
2.0.0.2038

File size:
152.5 KB (156,128 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\temp.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/30/2014 6:00:00 PM

Valid to:
12/1/2015 5:59:59 PM

Subject:
CN=AcDc Project (BrightCircle Investments Limited), O=AcDc Project (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BB5CB272841409598560E8776848BBF4

File PE Metadata
Compilation timestamp:
1/10/2015 5:07:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:nme4PfMP5PW9rE+T9xt7kYw+bzUKgcvs1C8/ehoraNUXbrPL:maWJ7kYwIdvs1C8/ehoraNUX/z

Entry address:
0x9104

Entry point:
E8, AD, 6A, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 34, 66, 32, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 51, 32, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 34, 66, 32, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
 

Entropy:
6.4534

Code size:
105.5 KB (108,032 bytes)
