Setup.exe

OSU

Installer Technology Co.

The file Setup.exe, “Open Software Updater” by Installer Technology Co, has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from www.lpmxp2029.com.
Publisher:
InstallerTech Corp (signed by Installer Technology Co.)

Product:
OSU

Description:
Open Software Updater

Version:
3.0.0.0

MD5:
00ffa8c67e2d73a8144d27ef292a2527

SHA-1:
1f809e6fb0aa602b35b7783f15ab6f1d9f099211

SHA-256:
16195d782c56755577ce0f1f86cc32e33bc243675f2812ef56f59c2e0d241e1d

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
12/25/2024 5:22:35 AM UTC

Scan engine
Detection
Engine version

ESET NOD32
Win32/Conduit.SearchProtect.AB potentially unwanted
9.11246

Reason Heuristics
PUP.InstallerTechnologyCo
15.2.28.14

Rising Antivirus
NS:PUF.SilenceInstaller!1.9DDF
23.00.65.15226

Trend Micro House Call
Suspicious_GEN.F47V0222
7.2.59

File size:
323 KB (330,736 bytes)

Copyright:
(c) InstallerTech Corp. 2015

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
6/24/2014 5:00:00 PM

Valid to:
6/25/2015 4:59:59 PM

Subject:
CN=Installer Technology Co., O=Installer Technology Co., L=Miami Beach, S=Florida, C=US, SERIALNUMBER=P11000073624, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4DEF1C654DF3168CEFE7C43478977574

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:6Qqn++ViW5C7sbKN2ja89jCP+Ys52r6O6AQgz6dn:o+OiWjmNp8FCP+Ys52r6OOgz6B

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.8217

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file Setup.exe has been seen being distributed by the following URL.

http://www.lpmxp2029.com/.../Setup.exe
