phx7082.exe

Traffic Space, LLC

The application phx7082.exe by Traffic Space has been detected as adware by 8 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. Once run, it displays context-specific advertisements in the browser and attempts to modify the browser's search provider. It is typically executed from the user's temporary directory.
Publisher:
Traffic Space, LLC  (signed and verified)

MD5:
29d703543358a7447af62367c1e5675d

SHA-1:
0d1ad784ec898d62bb61c989416e5e9c952d14ce

SHA-256:
f2cfbfed217bbd03437c8a4eb43deec88fcf82c9ccc146895ffa9f140acd5f92

Scanner detections:
8 / 68

Status:
Adware

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/18/2024 5:17:40 PM UTC

Scan engine | Detection | Engine version
avast! | NSIS:Toolbar-C [PUP] | 2014.9-150722
Dr.Web | Adware.Zugo.86 | 9.0.1.0203
ESET NOD32 | Win32/Toolbar.Babylon | 9.8888
Fortinet FortiGate | W32/Toolbar.BABYLON | 7/22/2015
Reason Heuristics | PUP.TrafficSpace.Installer (M) | 15.7.22.5
Trend Micro House Call | TROJ_GEN.R06OHI7 | 7.2.203
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3
VIPRE Antivirus | Babylon | 22190

File size:
975.3 KB (998,720 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\phx7082.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/1/2012 6:00:00 PM

Valid to:
1/17/2013 5:59:59 PM

Subject:
CN="Traffic Space, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Traffic Space, LLC", L=Fort Lee, S=New Jersey, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
467713A2F5A50EE65E01FB50AFA60E0B

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:HQ1rzifN1CR5zQDZVuB1kvUDdg30pdEGZWuvR:w1r+F1CHsdVundie3Xp

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
Entropy:
7.9917

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
