trtextsetup.exe

ColoColo Apps (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application trtextsetup.exe by ColoColo Apps (Bright Circle Investments) has been detected as adware by 18 anti-malware scanners. It is built using the Crossrider cross-browser extension toolkit; while the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is typically executed from the user's temporary directory. It is part of the Brightcircle group of web extensions that inject advertisements in the browser.

Publisher:
ColoColo Apps (Bright Circle Investments Ltd)

MD5:
234c17bbbc1ead810cd99de7e8fba2e3

SHA-1:
bc88d48ade76e312c1e52abe41603973f43e433a

SHA-256:
43678ce012b6df9dd7af307e5a000af6f891c60368207862dc5fa46174aa906b

Scanner detections:
18 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
5/5/2024 6:21:42 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.173350 | 734 |
| Avira AntiVirus | ADWARE/CrossRider.Gen4 | 7.11.206.52 |
| AVG | Win32/DH{gRKBEyAiJQE2ADVO} | 2016.0.3212 |
| Baidu Antivirus | PUA.Win32.CrossRider | 4.0.3.1521 |
| Bitdefender | Gen:Variant.Adware.Graftor.173350 | 1.0.20.160 |
| Comodo Security | Application.Win32.CrossRider.KI | 20904 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.173350 | 8.15.02.01.05 |
| ESET NOD32 | Win32/Toolbar.CrossRider.BX potentially unwanted (variant) | 9.11101 |
| Fortinet FortiGate | Riskware/CrossRider | 2/8/2015 |
| F-Secure | Gen:Variant.Adware.Graftor.173350 | 11.2015-01-02_1 |
| G Data | Gen:Variant.Adware.Graftor.173350 | 15.2.25 |
| Kaspersky | not-a-virus:WebToolbar.Win32.CrossRider | 14.0.0.2554 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.173350 | 16.0.0.96 |
| Panda Antivirus | Trj/CI.A | 15.02.08.07 |
| Qihoo 360 Security | Win32/Virus.WebToolbar.1ad | 1.0.0.1015 |
| Reason Heuristics | Adware.BrightCircle.Installer | 15.2.10.11 |
| Sophos | Generic PUA AG | 4.98 |
| VIPRE Antivirus | Crossrider | 37114 |

File size:
198 KB (202,712 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\trtextsetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 1:00:00 AM

Valid to:
12/17/2015 12:59:59 AM

Subject:
CN=ColoColo Apps (Bright Circle Investments Ltd), O=ColoColo Apps (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D815C7CD687694A6F4119A3535D31D7A

File PE Metadata
Compilation timestamp:
1/31/2015 12:07:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:Wi9bLIRvO4zywUbl7FZYKu+YFtYg0vs1C8/ehoraNUXkj7kwLGP:f/IRvsN2Edvs1C8/ehoraNUXsqP

Entry address:
0x11E04

Entry point:
E8, CD, 69, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 50, 16, 33, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 01, 33, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 50, 16, 33, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...

Entropy:
6.5674

Code size:
148 KB (151,552 bytes)
