setupstart.exe

O S U

Traffic Space, LLC

The application setupstart.exe, "Open Software Updater" by Traffic Space, has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from cloud.securedownloadcdn.com and multiple other hosts.
Publisher:
Traffic Space, LLC  (signed and verified)

Product:
O S U

Description:
Open Software Updater

Version:
3.1.0.0

MD5:
87eb1735491d757e2d804aa0078604ff

SHA-1:
20659d36664847c1cbed8b59f1bb975b46cecb8e

SHA-256:
66f1310575bef6c5e56c6d4e7738226099fe225ac4530d3182f296a6064bbac3

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
12/26/2024 12:18:38 AM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2016.0.2988
Baidu Antivirus | Trojan.Win32.HistoryChecker | 4.0.3.15913
Dr.Web | Adware.Downware.10994 | 9.0.1.0256
ESET NOD32 | Win32/Conduit.SearchProtect.AI potentially unwanted (variant) | 9.12240
Fortinet FortiGate | Riskware/Conduit_SearchProtect | 9/13/2015
K7 AntiVirus | Adware | 13.210.17194
McAfee | Artemis!87EB1735491D | 5600.6644
Reason Heuristics | PUP.TrafficSpace.Installer (M) | 15.9.13.4
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF[F1] | 23.00.65.15911
Sophos | Generic PUA CA (PUA) | 4.98
VIPRE Antivirus | InstallerTech | 43678

File size:
694.4 KB (711,016 bytes)

Copyright:
Copyright 2015

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setupstart.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/16/2015 8:00:00 PM

Valid to:
4/15/2016 7:59:59 PM

Subject:
CN="Traffic Space, LLC", O="Traffic Space, LLC", L=Woodcliff Lake, S=New Jersey, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6C4417841FFCEC12D6EFE825A6723A4E

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:rcPjwpv538sahUs54ac9JybC4IUgO6oO9Cjuapghz9T4IoSlg/DeqC9eC:rcPoF8dLe9M6oOlQCz9T+JeqCp

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9432

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setupstart.exe has been seen being distributed by the following 15 URLs.
