publictransportsetup.exe

Public Transport Toolbar Powered by Inbox

Xacti

The application publictransportsetup.exe, “Public Transport Toolbar Powered by Inbox Setup” by Xacti, has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from transport4local.com.
Publisher:
Xacti, LLC   (signed by Xacti)

Product:
Public Transport Toolbar Powered by Inbox

Description:
Public Transport Toolbar Powered by Inbox Setup

Version:
2.0.1.110

MD5:
a0c968a200001bf4d0737e4b9136c6e9

SHA-1:
33e96c5c708ce885d586617ee00520074ecd0a61

SHA-256:
c3d7c28d2a1ff45b449b7743bac2617b44a08560c3d5252d84753c2b6b2bcd01

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 2:34:07 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.12396729 | 370
Avira AntiVirus | Adware/Agent.2488312 | 7.11.205.118
Bitdefender | Trojan.Generic.12396729 | 1.0.20.150
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.PCFixSpeed | 0.98/19311
Comodo Security | Application.Win32.Inbox.E | 19174
Dr.Web | Adware.Downware.9458 | 9.0.1.030
Emsisoft Anti-Malware | Trojan.Generic.12396729 | 8.16.01.30.06
ESET NOD32 | Win32/Toolbar.Crawler.B potentially unwanted application | 10.7.0.302.0
F-Secure | Trojan.Generic.12396729 | 11.2016-30-01_7
G Data | Trojan.Generic.12396729 | 16.1.24
IKARUS anti.virus | PUA.Toolbar | t3scan.1.6.1.0
K7 AntiVirus | Adware | 13.183.13379
Malwarebytes | PUP.Optional.ToolBarInstaller | v2016.01.30.06
MicroWorld eScan | Trojan.Generic.12396729 | 17.0.0.90
NANO AntiVirus | Riskware.Win32.Toolbar.dqlgsc | 0.30.16.1110
Norman | Trojan.Generic.12396729 | 11.20160130
nProtect | Trojan.Generic.12396729 | 14.12.31.01
Reason Heuristics | Win32.Generic | 16.1.30.18

File size:
2.3 MB (2,449,776 bytes)

Product version:
2.0.1.110

Copyright:
copyright © Inbox.com

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\publictransportsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2013 8:00:00 PM

Valid to:
9/18/2015 7:59:59 PM

Subject:
CN=Xacti, O=Xacti, L=Boca Raton, S=Florida, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
723180E2A807DDA0F77264108931DA53

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:KYw3Z8FPbt69lkwv5qzKx0yMYGX74MYbimK9DINYk0u+ROkebA5rOYiZnC:D4rkwBqY03YGX0bF+7ebSivZnC

Entry address:
0xC1C0

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, C8, C0, 40, 00, E8, 60, 86, FF, FF, 33, C0, 55, 68, 85, C8, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 41, C8, 40, 00, 64, FF, 32, 64, 89, 22, A1, 60, E6, 40, 00, E8, 5E, FD, FF, FF, E8, C9, F8, FF, FF, 8D, 55, EC, 33, C0, E8, 93, CA, FF, FF, 8B, 55, EC, B8, 8C, F0, 40, 00, E8, 0A, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 8C, F0, 40, 00, B2, 01...
 

Entropy:
7.9938

Developed / compiled with:
Microsoft Visual C++

Code size:
46.5 KB (47,616 bytes)

The file publictransportsetup.exe has been seen being distributed by the following URL.
