Setup.exe

OSU

Hudson Exchange Group, LLC

The file Setup.exe, “Open Software Updater” by Hudson Exchange Group, has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from opensoftwareupdater.com and multiple other hosts.
Publisher:
InstallerTech Corp  (signed by Hudson Exchange Group, LLC)

Product:
OSU

Description:
Open Software Updater

Version:
3.0.0.0

MD5:
8b6359647ed57e2f1b4c18a77256e337

SHA-1:
43cb93da6e73cf5f2c32bf9fae50e1539c00ba27

SHA-256:
391ce1a9755ce5aef4e24fde64f9d1b184a034b2d4717cdd64595a9d8245c74e

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:35:56 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Installer.HudsonExchangeGroup | 15.5.3.0
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.15327

File size:
385.9 KB (395,128 bytes)

Copyright:
(c) InstallerTech Corp. 2015

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/10/2015 7:00:00 PM

Valid to:
10/31/2016 7:59:59 PM

Subject:
CN="Hudson Exchange Group, LLC", O="Hudson Exchange Group, LLC", L=Woodcliff Lake, S=New Jersey, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5B78F4208F4D587B6FA9A6AF8EC8FD12

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:/iOykx3PEo1twMaJ9s+3rP+Ys52r6OOgz65:/pbxcok9sS+Ys5xOOF

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.8633

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file Setup.exe has been seen being distributed by the following 8 URLs.
