trtextsetup.exe

Sailor Project

This potentially unwanted browser extension is built on and distributed through the free Crossrider platform, and delivers advertisements to the web browser in several formats, such as banners, text hyperlinks, inline text and transitional ads. The application trtextsetup.exe by Sailor Project has been detected as adware by 12 anti-malware scanners. The program is a setup application packaged with the Nullsoft Install System installer. Although the file uses the Crossrider cross-browser extension toolkit and its delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
Sailor Project  (signed and verified)

Description:
Ezqhwijhuaraov

Version:
22.17.6.2

MD5:
0e5065f2661c827e9842ee2276102900

SHA-1:
5bb14796f8b3ae5e9e8e6b2f38b38d05af1efec7

SHA-256:
177d16f739643f0b57a8279709c34ba9e25d85f83407eaa3450f98a788bf7ad7

Scanner detections:
12 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/19/2024 9:01:09 PM UTC

Scan engine | Detection | Engine version
--- | --- | ---
avast! | Win32:Crossrider-N [PUP] | 2014.9-141031
AVG | Generic | 2015.0.3305
Clam AntiVirus | Win.Adware.Agent-6597 | 0.98/21411
Dr.Web | Trojan.Crossrider.17413 | 9.0.1.0304
ESET NOD32 | Win32/Packed.ScrambleWrapper (variant) | 8.10315
IKARUS anti.virus | PUA.CrossRider | t3scan.1.7.5.0
Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3019
Malwarebytes | PUP.Optional.CrossRider | v2014.10.31.05
Panda Antivirus | Trj/Genetic.gen | 14.10.31.05
Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015
Reason Heuristics | PUP.Installer.SailorProject.L | 14.10.31.5
Sophos | Generic PUA FL | 4.98

File size:
8.6 MB (8,973,008 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\trtextsetup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 3:00:00 AM

Valid to:
7/19/2015 2:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
12/4/2012 3:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:dLB26e53QM+IgNs83RCR+PPYaSicnk5LcFRinmGNDPunG:JU6GAM07PPYjnk5L5nmGBGG

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
Code size:
34.5 KB (35,328 bytes)
