sdsetup.exe

PC Tools Installer for Spyware Doctor

PC Tools

This is a setup and installation application. The file has been seen being downloaded from www.techspot.com and multiple other hosts.
Publisher:
PC Tools  (signed and verified)

Product:
PC Tools Installer for Spyware Doctor

Version:
1.3.0.132

MD5:
59f9e79b599ef7360f9651cc0582f1ae

SHA-1:
97ae5790fb3413ce4c4e9c34487b2764af134867

SHA-256:
3963cad5ea7f048537896beb2b2b1b83d2d4c451c53acbf24c21eceb124d6726

Scanner detections:
3 / 68

Status:
Clean  (3 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/5/2024 2:48:47 AM UTC  (today)

Scan engine | Detection | Engine version
Agnitum Outpost | Packed/PECompact | 7.1.1
Vba32 AntiVirus | Trojan.FakeAV | 3.12.24.3
XVirus List | Win.Detected | 2.3.31

File size:
3.9 MB (4,130,384 bytes)

Product version:
1.3.0.132

Copyright:
Copyright PC Tools (C) 2012

Original file name:
SD_Online.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/10/2012 2:00:00 AM

Valid to:
8/16/2015 1:59:59 AM

Subject:
CN=PC Tools, OU=Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PC Tools, L=Melbourne, S=Victoria, C=AU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
78F3D9367E0833E79572404E60F8A0AA

File PE Metadata
Compilation timestamp:
4/18/2013 8:54:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:Vo3ogFzVKiokfz5f1IrEavYcHiyAEzERUdIm8DOiyht6:VA/VKifftfSrpYcHHEedImNht6

Entry address:
0x72F64

Entry point:
B8, CC, F3, C9, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 97, 76, 1D, 28, D5, 04, 73, 6E, 89, 0F, F2, 5B, E9, 01, 35, 82, E7, 62, 8B, 5F, 3F, 81, 09, 00, 76, EE, 48, C5, BE, 65, C4, A8, B8, D7, 6B, 1F, 5C, 3B, 18, C4, 5E, 89, CE, 2B, 13, 88, E3, DA, 3A, 70, 1A, A4, CF, 7F, 87, D5, 59, 99, 92, C7, 46, 1A, 4F, 83, D5, 3C, 5A, 1B, E0, 2C, 74, 78, AB, 7C, 2E, 57, 36, 45, 3E, 79, AB, F5, C0, 0B, FB, E3, BE, A4, F6, 86, 5C, 03, F1...

Entropy:
7.7612

Packer / compiler:
PECompact v2

Code size:
981 KB (1,004,544 bytes)

Startup File (User Run Once)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
PC Tools Security

Command:
C:\users\{user}\desktop\sdsetup.exe


The file sdsetup.exe has been discovered within the following program.

360Amigo is a registry optimizer. 360Amigo System Speedup bundles a branded version of the Conduit Toolbar, designed to deliver search-based advertising and results. During installation the user is, in some cases, presented with the option to install the toolbar (on by default).
www.360amigo.com
53% remove it
 
Powered by Should I Remove It?

The file sdsetup.exe has been seen being distributed by the following 16 URLs.

http://www.techspot.com/downloads/downloadnow/.../?evp=1c762c66efcf7145c947091d155f3a4a&file=1

http://safe.download.downloadastro.com/?ic_user_id=646

http://www.cdmail.ru/.../go.php?action=download&id=4587&key=2381015

http://www.lo4d.com/get-file/spyware-doctor/.../

http://www.jetelecharge.com/.../tel.php?id=545
