setup.exe

CloudCanvas, Inc.

The application setup.exe by CloudCanvas has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
CloudCanvas, Inc.  (signed and verified)

MD5:
5c055d1435911b729606b5bc9d36e9ef

SHA-1:
ec7cefb7b0385ba0cf56408eb699f1269d8a8053

SHA-256:
220c4547496c7ebb50b53c348a034a95bbde48b78dcd05502858f4444f5aa372

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
11/5/2024 2:38:38 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

avast!
Win32:BHO-AMO [PUP]
2014.9-150509

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Yontoo.55
9.0.1.05190

ESET NOD32
Win32/ExFriendAlert.A potentially unwanted application
7.0.302.0

G Data
Win32.Adware.Conduit
15.5.25

IKARUS anti.virus
PUA.ExFriendAlert
t3scan.1.8.9.0

K7 AntiVirus
Trojan
13.203.15859

Malwarebytes
PUP.Optional.UnfriendApp.A
v2015.05.09.09

NANO AntiVirus
Riskware.Win32.Plugin.dbxmhd
0.30.24.1357

Reason Heuristics
Threat.Installer.CloudCanvas
15.5.9.17

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.4150696
39486

File size:
1.7 MB (1,799,584 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
2/21/2013 12:34:44 PM

Valid to:
2/21/2014 12:34:44 PM

Subject:
CN="CloudCanvas, Inc.", O="CloudCanvas, Inc.", L=Wilmington, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B04DF33556E49

File PE Metadata
Compilation timestamp:
6/6/2009 4:41:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:/2ZQM+bjXr3PDG0ZdffsdQbFwCYIQE3VpXm7tximvg3hnQfnZL4ZQMVFwCYIQE3F:uSNbPfKkxfs8hHOtdg3hnikSYhHOJ6

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9925

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove setup.exe - Powered by Reason Core Security