setup_odm.exe

ODM

Traffic Space, LLC

The application setup_odm.exe, “Open Downloader Manager” by Traffic Space, has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This particular feature is designed to hijack the browser in an attempt to prevent other resources from modifying the browser's search and home pages. The file has been seen being downloaded from opendownloadmanager.com.
Publisher:
InstallerTech Corp  (signed by Traffic Space, LLC)

Product:
ODM

Description:
Open Downloader Manager

Version:
3.0.0.0

MD5:
09d19933675a0029566a072817c9de2b

SHA-1:
12c0a1ac24fb90f802d9329aa3904cd5159d0284

SHA-256:
bb411bc5c678b58839a5d401b69b8a5b82bae687f80d88cc1b31d26184ad6862

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
1/12/2025 11:01:13 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.179595 | 660 |
| Agnitum Outpost | Riskware.SearchProtect | 7.1.1 |
| Bitdefender | Gen:Variant.Graftor.179595 | 1.0.20.525 |
| Dr.Web | Adware.Downware.9881 | 9.0.1.0198 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.179595 | 8.15.04.15.07 |
| ESET NOD32 | Win32/Packed.VMDetector.O potentially unwanted | 9.11348 |
| F-Secure | Gen:Variant.Graftor.179595 | 11.2015-15-04_4 |
| G Data | Gen:Variant.Graftor.179595 | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.17.10 |
| K7 AntiVirus | Trojan | 13.202.15319 |
| MicroWorld eScan | Gen:Variant.Graftor.179595 | 16.0.0.315 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.Installer.TrafficSpace | 15.4.15.15 |
| Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.15413 |
| Trend Micro House Call | Suspici.456B35F3 | 7.2.105 |
| VIPRE Antivirus | InstallerTech | 38588 |

File size:
422.8 KB (432,992 bytes)

Copyright:
(c) InstallerTech Corp. 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup_odm.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/10/2015 6:00:00 PM

Valid to:
3/18/2015 6:59:59 PM

Subject:
CN="Traffic Space, LLC", O="Traffic Space, LLC", L=Woodcliff Lake, S=New Jersey, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
1C74C364E85C31C63BF0EFB6F416FD6A

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:NQqyKkpm4wk3QQh5JAkBd5C7sbKN2ja89jUlx8Qe98j3H+clXQxvuGOdxeAF6AQx:GJkjfQFvjmNp8FGO8j3flXQNjAFOgz6V

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.8995

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file setup_odm.exe has been seen being distributed by the following URL.
