ColoColo Apps (Bright Circle Investments Ltd) - 39% Detection Rate *

Did you just find a download or a file on your computer that has a digital signature from ColoColo Apps (Bright Circle Investments Ltd)? Some of the security products refers to the detected files as Crossrider (fs) and not-a-virus:WebToolbar.Win32.CrossRider.lpz. The detection rate for the ColoColo Apps (Bright Circle Investments Ltd) files collected here is 39%. Please read on for more details.

You will probably see ColoColo Apps (Bright Circle Investments Ltd) when clicking to run the file. The publisher name shows up as the "Verified publisher" in the UAC dialog as the screenshot shows:

Screenshot where ColoColo Apps (Bright Circle Investments Ltd) appears as the verified publisher in the UAC dialog

You can also view the ColoColo Apps (Bright Circle Investments Ltd) certificate with the following procedure:

  1. Open Windows Explorer and locate the ColoColo Apps (Bright Circle Investments Ltd) file
  2. Right-click the file and select Properties
  3. Click the Digital Signatures tab
  4. Click on the View Certificate button

Here is a screencap of a file digitally signed by ColoColo Apps (Bright Circle Investments Ltd):

Screenshot of the ColoColo Apps (Bright Circle Investments Ltd) certificate

As you can see in the screenshot above, the Windows OS reports that "This digital signature is OK". This means that the file has been published by ColoColo Apps (Bright Circle Investments Ltd) and that the file has not been tampered with.

If you click the View Certificate button shown in the screenshot above, you can view all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, etc. You can also see the address for ColoColo Apps (Bright Circle Investments Ltd), such as the street name, city and country.

COMODO Code Signing CA 2 has issued the ColoColo Apps (Bright Circle Investments Ltd) certificates. You can also see the details of the issuer by clicking the View Certificate button shown in the screencap above.

ColoColo Apps (Bright Circle Investments Ltd) Files

The following are the ColoColo Apps (Bright Circle Investments Ltd) files I've collected, thanks to the FreeFixer users.

Detection RatioFile Name
18/56ZVDEF.exe
12/57d92a0940-53c0-4c18-8145-4e4bc0f69190-5.exe
37/57CinemaP-1.8cV27.01-bho.dll
34/577ce4b200-152c-45ba-a0dc-dd15da48d909-1-7.exe
39/577ce4b200-152c-45ba-a0dc-dd15da48d909-1-6.exe
18/57c9e93fe3-ac01-4361-94d4-3ac585f156a4-11.exe
19/56RKSLHO.exe
21/56629d7ec7-e049-4277-947b-871f320811d6-1-6.exe
2/5516e1f589-f1c3-4bee-b6c7-1563a3f21456-1-6.exe

Scanner and Detection Names

Here's the detection names for the ColoColo Apps (Bright Circle Investments Ltd) files. I've grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

ScannerDetection Names
AVGGeneric.2FB
AVwareCrossrider (fs)
Ad-AwareGen:Application.Heur.Cv1@mKWQcubO, Gen:Application.Heur.!u1@miXbofcO, Gen:Application.Heur.Vy9@mmO9wZji, Gen:Application.Heur.dv1@mSHAX4fO, Gen:Application.Heur.wz1@mOnx2Sei, Gen:Application.Heur.3v1@myxtZ5lO, Gen:Application.Heur.2v1@mOCCcJkO, Gen:Application.Heur.wz1@mKtEATbi
AgnitumPUA.Toolbar.CrossRider!
AhnLab-V3PUP/Win32.CrossRider
Antiy-AVLGrayWare[WebToolbar:not-a-virus]/Win32.CrossRider.lpz
AvastWin32:Crossrider-CD [PUP]
AviraAdware/CrossRider.ZR, ADWARE/CrossRider.Gen4, ADWARE/CrossRider.Gen7
Baidu-InternationalAdware.Win32.CrossAd.CB, PUA.Win32.CrossRider.BBM, Adware.Win32.CrossAd.BA, Adware.Win32.CrossAd.CD, Adware.Win32.CrossAd.AV, PUA.Win32.CrossRider.BBV, Adware.Win32.CrossAd.BV, PUA.Win32.CrossRider.bAV
BitDefenderGen:Application.Heur.Cv1@mKWQcubO, Gen:Application.Heur.!u1@miXbofcO, Gen:Application.Heur.Vy9@mmO9wZji, Gen:Application.Heur.dv1@mSHAX4fO, Gen:Application.Heur.wz1@mOnx2Sei, Gen:Application.Heur.3v1@myxtZ5lO, Gen:Application.Heur.2v1@mOCCcJkO, Gen:Application.Heur.wz1@mKtEATbi
BkavW32.HfsAdware.8AC6, W32.HfsAdware.D2D0, W32.HfsAdware.EAAB
CAT-QuickHealPUA.BrightCircle.OD6
ClamAVWin.Adware.Crossrider-259
ComodoApplicUnwnt, Application.Win32.Plush.GRI
CyrenW32/S-c19140ac!Eldorado, W32/Application.KYDA-8611, W32/Application.XOMS-2965
DrWebTrojan.Crossrider1.14363, Trojan.Crossrider1.22980, Trojan.Crossrider1.15605, Trojan.Crossrider1.16093
ESET-NOD32a variant of Win32/Toolbar.CrossRider.CB potentially unwanted, a variant of Win32/Toolbar.CrossRider.BM potentially unwanted, a variant of Win32/Toolbar.CrossRider.BA potentially unwanted, a variant of Win32/Toolbar.CrossRider.CD potentially unwanted, a variant of Win32/Toolbar.CrossRider.AV potentially unwanted, a variant of Win32/Toolbar.CrossRider.BV potentially unwanted
F-ProtW32/S-c19140ac!Eldorado
F-SecureGen:Application.Heur.Cv1@mKWQcubO, Gen:Application.Heur.!u1@miXbofcO, Gen:Application.Heur.Vy9@mmO9wZji, Gen:Application.Heur.dv1@mSHAX4fO, Gen:Application.Heur.wz1@mOnx2Sei, Gen:Application.Heur.3v1@myxtZ5lO, Gen:Application.Heur.2v1@mOCCcJkO, Gen:Application.Heur.wz1@mKtEATbi
FortinetRiskware/CrossRider
GDataGen:Application.Heur.Cv1@mKWQcubO, Gen:Application.Heur.!u1@miXbofcO, Gen:Application.Heur.Vy9@mmO9wZji, Gen:Application.Heur.dv1@mSHAX4fO, Gen:Application.Heur.wz1@mOnx2Sei, Gen:Application.Heur.3v1@myxtZ5lO, Gen:Application.Heur.2v1@mOCCcJkO, Gen:Application.Heur.wz1@mKtEATbi
IkarusTrojan.GoogUpdate
JiangminAdWare/NSIS.gsm
K7AntiVirusUnwanted-Program ( 0040fa071 ), Trojan ( 004af5321 )
K7GWUnwanted-Program ( 0040fa071 ), Trojan ( 004af5321 )
Kasperskynot-a-virus:WebToolbar.Win32.CrossRider.lpz
MalwarebytesPUP.Optional.1ClickMovieDownload.A, PUP.Optional.CrossRider.A, PUP.Optional.SavePass.A, PUP.Optional.HQVideo.A
McAfeeArtemis!33314F4A852F, Artemis!C5A8CC60EA93, Artemis!FDEA01660B8A
McAfee-GW-EditionBehavesLike.Win32.Trojan.bh
MicroWorld-eScanGen:Application.Heur.Cv1@mKWQcubO, Gen:Application.Heur.!u1@miXbofcO, Gen:Application.Heur.Vy9@mmO9wZji, Gen:Application.Heur.dv1@mSHAX4fO, Gen:Application.Heur.wz1@mOnx2Sei, Gen:Application.Heur.3v1@myxtZ5lO, Gen:Application.Heur.2v1@mOCCcJkO, Gen:Application.Heur.wz1@mKtEATbi
NANO-AntivirusTrojan.Win32.Crossrider1.dnjteb, Trojan.Win32.Crossrider1.dnvjws, Trojan.Win32.Crossrider1.dozwcj, Trojan.Win32.Crossrider1.dnnfcu
PandaTrj/Genetic.gen, Generic Suspicious
Qihoo-360Win32/Application.3db, HEUR/QVM10.1.Malware.Gen
RisingPE:Malware.Obscure!1.9C59, PE:Trojan.GoogUpdate!6.1E39, PE:Malware.CrossRider!6.1CE1
SUPERAntiSpywareAdware.CrossRider/Variant
SophosGeneric PUA EL, Generic PUA NO, Generic PUA LC
SymantecAdware.Crossid, PUA.Gen.2
TencentTrojan.Win32.Qudamah.Gen.14, Trojan.Win32.Qudamah.Gen.3, Win32.Adware.Bp-browser.Luqs
TrendMicroTROJ_GEN.R0C1C0EBB15, TROJ_GEN.R02KC0EBH15, TROJ_GEN.F0C2C00BI15
TrendMicro-HouseCallTROJ_GEN.R0C1C0EBB15, TROJ_GEN.R02KC0EBH15, TROJ_GEN.F0C2C00BI15
VBA32AdWare.Adwapper
VIPRECrossrider (fs)
ZillyaAdware.CrossRider.Win32.3153, Adware.CrossRider.Win32.3446, Adware.CrossRider.Win32.2441

* How the Detection Percentage is Calculated

The detection percentage is based on that I've collected 2931 scan results for the ColoColo Apps (Bright Circle Investments Ltd) files. 1141 of these scan reports came up with some sort of detection. You can review the full details of the scan reports by examining the files listed above.

Analysis Details

The analysis is done on certificates with the following serial numbers:

Comments

No comments posted yet.

Leave a reply