setup.exe

CloudCanvas, Inc.

The application setup.exe by CloudCanvas has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
CloudCanvas, Inc.  (signed and verified)

MD5:
f4a166cf38f47c452b197dc749f57ca3

SHA-1:
10f5eb6430798be464348f39d556fb0f5f210f33

SHA-256:
1527a9bf05bf19753627800bdbd7b09a4aee0ad761eea0db47d79e65e68f0e3e

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
4/24/2024 5:11:40 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:BHO-AMO [PUP] | 2014.9-150208 |
| Comodo Security | Heur.Suspicious | 21011 |
| Dr.Web | Adware.Yontoo.55 | 9.0.1.05190 |
| ESET NOD32 | Win32/ExFriendAlert.A potentially unwanted application | 7.0.302.0 |
| G Data | Win32.Adware.Conduit | 15.2.25 |
| IKARUS anti.virus | AdWare.Win32.ExFriendAlert | t3scan.1.8.6.0 |
| K7 AntiVirus | Trojan | 13.193.14899 |
| Malwarebytes | PUP.Optional.Conduit.A | v2015.02.08.06 |
| NANO AntiVirus | Trojan.Win32.ExFriendAlert.deiobm | 0.30.0.65070 |
| Reason Heuristics | PUP.Installer.CloudCanvas | 15.2.8.18 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4786236 | 36694 |

File size:
2 MB (2,123,816 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
2/21/2013 1:34:44 PM

Valid to:
2/21/2014 1:34:44 PM

Subject:
CN="CloudCanvas, Inc.", O="CloudCanvas, Inc.", L=Wilmington, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B04DF33556E49

File PE Metadata
Compilation timestamp:
6/6/2009 5:41:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:HSIyNpaN8dalfwdg3hnZP58w3y+gosFoSGaN8dalfkJ:H30paN8dkfwW3hnZycy+g/GZaN8dkfQ

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.9851

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
