setup_osu.exe

O S U

Traffic Space, LLC

The application setup_osu.exe, “Open Software Updater” by Traffic Space, has been detected as adware by 11 anti-malware scanners. It is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen downloaded from softwareupdateproduct.com and multiple other hosts.
Publisher:
Traffic Space, LLC  (signed and verified)

Product:
O S U

Description:
Open Software Updater

Version:
3.1.0.0

MD5:
0289298da719e873a2d59b73f1b6750d

SHA-1:
654b3c9fe246b73a8631c58bc40b1deb36d9c3f1

SHA-256:
39a362fe990b5270cd4af89bb5d5035c75ac7dcc1c33f5c39b2bfc21d5a36874

Scanner detections:
11 / 68

Status:
Adware

Analysis date:
12/26/2024 1:08:58 AM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2016.0.2987
Baidu Antivirus | Adware.Win32.Agent | 4.0.3.15914
Dr.Web | Adware.Downware.10994 | 9.0.1.0257
Malwarebytes | PUP.Optional.OpenSoftware.Updater | v2015.09.14.07
McAfee | Artemis!0289298DA719 | 5600.6643
Panda Antivirus | Generic Suspicious | 15.09.14.07
Qihoo 360 Security | HEUR/QVM42.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.TrafficSpace.Installer (M) | 15.9.14.7
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF[F1] | 23.00.65.15912
Sophos | Open Software Updater (PUA) | 4.98
VIPRE Antivirus | InstallerTech | 43734

File size:
711.9 KB (728,992 bytes)

Copyright:
Copyright 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup_osu.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/16/2015 7:00:00 PM

Valid to:
4/15/2016 6:59:59 PM

Subject:
CN="Traffic Space, LLC", O="Traffic Space, LLC", L=Woodcliff Lake, S=New Jersey, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6C4417841FFCEC12D6EFE825A6723A4E

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:QjyeW0acZ5epCyEGofkK5QZxIHBqc2lDvkCbUj4UUaJaWVLuVS1wT+Na976:QjyF0awODAs8EeByvi0UFJx6I1C+8s

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.9453

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup_osu.exe has been seen being distributed by the following 10 URLs.

https://softwareupdateproduct.com/campaign/.../fixdl.php

