publictransportsetup.exe

Public Transport Toolbar Powered by Inbox

Xacti

The application publictransportsetup.exe, “Public Transport Toolbar Powered by Inbox Setup” by Xacti, has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from toolbar.inbox.com.

Publisher:
Xacti, LLC   (signed by Xacti)

Product:
Public Transport Toolbar Powered by Inbox

Description:
Public Transport Toolbar Powered by Inbox Setup

Version:
2.0.1.115

MD5:
961b5137af18a6c143190908ff344a61

SHA-1:
3701e410e3abb78c497cf3598d4c7f78313d1212

SHA-256:
f312cfc59ebf737940525b3151f72a23782f3d85069e8b073f8bcfd46297bb11

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 3:23:44 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.12396729 | 376
Avira AntiVirus | Adware/Agent.2488312 | 7.11.205.118
Bitdefender | Trojan.Generic.12396729 | 1.0.20.120
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.PCFixSpeed | 0.98/19311
Comodo Security | Application.Win32.Inbox.E | 19174
Dr.Web | Adware.Downware.9458 | 9.0.1.024
Emsisoft Anti-Malware | Trojan.Generic.12396729 | 8.16.01.24.12
ESET NOD32 | Win32/Toolbar.Crawler.B potentially unwanted application | 10.7.0.302.0
F-Secure | Trojan.Generic.12396729 | 11.2016-24-01_1
G Data | Trojan.Generic.12396729 | 16.1.24
IKARUS anti.virus | PUA.Toolbar | t3scan.1.6.1.0
K7 AntiVirus | Adware | 13.183.13379
Malwarebytes | PUP.Optional.ToolBarInstaller | v2016.01.24.12
MicroWorld eScan | Trojan.Generic.12396729 | 17.0.0.72
NANO AntiVirus | Riskware.Win32.Toolbar.dqlgsc | 0.30.16.1110
Norman | Trojan.Generic.12396729 | 11.20160124
nProtect | Trojan.Generic.12396729 | 14.12.31.01
Reason Heuristics | Win32.Generic | 16.1.24.12

File size:
2.4 MB (2,486,928 bytes)

Product version:
2.0.1.115

Copyright:
copyright © Inbox.com

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\publictransportsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2013 5:00:00 PM

Valid to:
9/18/2015 4:59:59 PM

Subject:
CN=Xacti, O=Xacti, L=Boca Raton, S=Florida, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
723180E2A807DDA0F77264108931DA53

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:1TW/5niIoLhbx7N+eu4gYHEnaLXpbcwJKohoG00Lh+Wy06sPkDebA5rOYiZnk:JW/5i9rI4onaQG00Lh+vLokDebSivZnk

Entry address:
0xC1C0

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, C8, C0, 40, 00, E8, 60, 86, FF, FF, 33, C0, 55, 68, 85, C8, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 41, C8, 40, 00, 64, FF, 32, 64, 89, 22, A1, 60, E6, 40, 00, E8, 5E, FD, FF, FF, E8, C9, F8, FF, FF, 8D, 55, EC, 33, C0, E8, 93, CA, FF, FF, 8B, 55, EC, B8, 8C, F0, 40, 00, E8, 0A, 77, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 8C, F0, 40, 00, B2, 01...
 

Entropy:
7.9940

Developed / compiled with:
Microsoft Visual C++

Code size:
46.5 KB (47,616 bytes)

The file publictransportsetup.exe has been seen being distributed by the following URL.
