speeditupfree-knowledge.exe

Setup Factory Runtime

MicroSmarts LLC

The application speeditupfree-knowledge.exe, “Setup Application” by MicroSmarts, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Setup Factory installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from d1t653m828c3x8.cloudfront.net and multiple other hosts.
Publisher:
MicroSmarts LLC  (signed and verified)

Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.0.2.0

MD5:
eb1d3a6c722173793058368d8c357803

SHA-1:
f03b5691bead1fa20c99f436778f601b530292ae

SHA-256:
5366ad8243ad96573aa5769eb365cfd87cf0d350f85563ebdbb26373869c6738

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 12:05:09 AM UTC

Scan engine               Detection                      Engine version
Reason Heuristics         PUP.Installer.MicroSmarts.X    14.2.16.3
Trend Micro House Call    TROJ_GEN.F47V1006              7.2.357
VIPRE Antivirus           Trojan.Win32.Generic!SB.0      24128

File size:
6.8 MB (7,127,696 bytes)

Product version:
9.0.2.0

Copyright:
Setup Engine Copyright © 2004-2011 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\speeditupfree-knowledge.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/26/2011 2:00:00 AM

Valid to:
2/7/2014 1:59:59 AM

Subject:
CN=MicroSmarts LLC, OU=Software Division, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=MicroSmarts LLC, L=Olympia Fields, S=Illinois, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56BEC1881B0222777E8F497DF216DBFC

File PE Metadata
Compilation timestamp:
4/8/2011 6:20:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:6HBN7HPH6uGgcXgvy2znXLMkekmooAXH8QKE8E59:QBN7va+cXUPzXRekmo/XHpKE8

Entry address:
0x29C1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Entropy:
7.9788  (probably packed)

Code size:
22 KB (22,528 bytes)

The file speeditupfree-knowledge.exe has been seen being distributed by the following 6 URLs.

http://113.171.224.242/.../speeditupfree-knowledge.exe

Remove speeditupfree-knowledge.exe - Powered by Reason Core Security