setup.exe

Baggio Technologies (BrightCircle Investments Limited)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application setup.exe by Baggio Technologies (BrightCircle Investments Limited) has been detected as adware by 6 anti-malware scanners. It is typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.webdataserv.com. It is distributed as part of the BrightCircle group of browser extensions.
MD5:
8e3715b0817492cf9d78efa3d25eb36b

SHA-1:
cf5f2f56a8975cd40e70e96f792550ff05e11501

SHA-256:
e8a933832f56f02ca2bd44310713292ac91b5a6e9477a63da8f5597c7d45b537

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
12/24/2024 12:16:19 PM UTC

Scan engine              | Detection                               | Engine version
AVG                      | Win32/DH                                | 2015.0.3244
IKARUS anti.virus        | Win32.SuspectCrc                        | t3scan.1.8.5.0
McAfee                   | Artemis!8E3715B08174                    | 5600.6900
Reason Heuristics        | Adware.BrightCircle.Installer           | 15.3.1.12
Trend Micro House Call   | Suspicious_GEN.F47V1228                 | 7.2.365
Vba32 AntiVirus          | suspected of Trojan.Downloader.gen.h    | 3.12.26.3

File size:
111.5 KB (114,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/16/2014 4:00:00 PM

Valid to:
11/17/2015 3:59:59 PM

Subject:
CN=Baggio Technologies (BrightCircle Investments Limited), O=Baggio Technologies (BrightCircle Investments Limited), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
469910CAA5B253B7B000122E7059F344

File PE Metadata
Compilation timestamp:
12/15/2014 8:14:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:YBan+2qMX+twC0qSnCbz/5Hu4utXiL6+0Ec4PpHsWjcdIjDFzmvAEh:YI+x++KVkVTSz+0coIjDFzgh

Entry address:
0x75F3

Entry point:
E8, C1, 4E, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 74, C1, 31, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, B8, BC, 31, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 74, C1, 31, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03...

Entropy:
6.2411

Code size:
70 KB (71,680 bytes)

The file setup.exe has been seen being distributed by the following URL.

Powered by Reason Core Security