setup.exe

Baggio Technologies (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application setup.exe by Baggio Technologies (BrightCircle Investments Limited) has been detected as adware by 4 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from dl.newstaticdatacloud.com and multiple other hosts. It is part of the BrightCircle group of web extensions that inject advertisements into the browser.
MD5:
971b940056a8b2fd478bcbd88323fc23

SHA-1:
30ff6b568ad1b3cc025d0e7ff662d988c50b2583

SHA-256:
7eb1f9e7f899f47394be712f29e9d753c2f57b901913bb1bf5dc609d5096e46d

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/24/2024 11:54:58 AM UTC

Scan engine         Detection                                 Engine version
AVG                 Win.Threat.High                           2014.0.4189
Kaspersky           HEUR:Trojan-Downloader.Win32.Generic      14.0.0.2851
Reason Heuristics   Adware.BrightCircle.Installer             15.3.1.12
Vba32 AntiVirus     suspected of Trojan.Downloader.gen.h      3.12.26.3

File size:
124 KB (126,952 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/17/2014 1:00:00 AM

Valid to:
11/18/2015 12:59:59 AM

Subject:
CN=Baggio Technologies (BrightCircle Investments Limited), O=Baggio Technologies (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
469910CAA5B253B7B000122E7059F344

File PE Metadata
Compilation timestamp:
12/2/2014 11:52:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:AKG03Z5puiEGcig64TSfGjZewwvsuPIg93/LU7ig+sqcyoqa6NLsWjcdB7SNIBpA:XuiEuMTOiUPHPQGg+sp6N0BG+pryjp

Entry address:
0x6E54

Entry point:
E8, 92, 69, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, D0, 01, 32, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 2C, FA, 31, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, D0, 01, 32, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...

Code size:
81.5 KB (83,456 bytes)

The file setup.exe has been observed being distributed from the following 2 URLs.

Remove setup.exe - Powered by Reason Core Security