phx7082.exe

Traffic Space, LLC

The application phx7082.exe by Traffic Space has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. It is also typically executed from the user's temporary directory.
Publisher:
Traffic Space, LLC  (signed and verified)

MD5:
29d703543358a7447af62367c1e5675d

SHA-1:
0d1ad784ec898d62bb61c989416e5e9c952d14ce

SHA-256:
f2cfbfed217bbd03437c8a4eb43deec88fcf82c9ccc146895ffa9f140acd5f92

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
11/27/2024 7:23:18 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
NSIS:Toolbar-C [PUP]
2014.9-150722

Dr.Web
Adware.Zugo.86
9.0.1.0203

ESET NOD32
Win32/Toolbar.Babylon
9.8888

Fortinet FortiGate
W32/Toolbar.BABYLON
7/22/2015

Reason Heuristics
PUP.TrafficSpace.Installer (M)
15.7.22.5

Trend Micro House Call
TROJ_GEN.R06OHI7
7.2.203

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

VIPRE Antivirus
Babylon
22190

File size:
975.3 KB (998,720 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\phx7082.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/1/2012 6:00:00 PM

Valid to:
1/17/2013 5:59:59 PM

Subject:
CN="Traffic Space, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Traffic Space, LLC", L=Fort Lee, S=New Jersey, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
467713A2F5A50EE65E01FB50AFA60E0B

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:HQ1rzifN1CR5zQDZVuB1kvUDdg30pdEGZWuvR:w1r+F1CHsdVundie3Xp

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9917

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove phx7082.exe - Powered by Reason Core Security