trtextsetup.exe

Clash Project (Bright Circle Investments Ltd)

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may link to malware sites and install unwanted software. The application trtextsetup.exe by Clash Project (Bright Circle Investments) has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application and has been known to bundle potentially unwanted software. It is typically executed from the user's temporary directory and is distributed as part of the Brightcircle group of browser extensions.
Publisher:

MD5:
7c5e90e5c10667dae6475fd80a58f0e7

SHA-1:
8675070218bb047cbd0319eeb2ad9f13fa7583ff

SHA-256:
5d21b75b0cf973cdfa6fd3ed7d12dc2ad0b7c4f725a7ca8a884a782d83db95f7

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/24/2024 2:06:44 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.BrightCircle (M)

Engine version:
17.3.13.17

File size:
198.5 KB (203,224 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\trtextsetup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/16/2014 1:00:00 AM

Valid to:
12/17/2015 12:59:59 AM

Subject:
CN=Clash Project (Bright Circle Investments Ltd), O=Clash Project (Bright Circle Investments Ltd), STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Nicosia, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75DD4745F68AF8221A12839F4A4F8FE1

File PE Metadata
Compilation timestamp:
2/14/2015 12:07:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x11BE4

Entry point:
E8, AD, 6A, 00, 00, E9, 7F, FE, FF, FF, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 50, 16, 33, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, 01, 33, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 50, 16, 33, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00...
Code size:
148 KB (151,552 bytes)
