home

setup.exe

CloudCanvas, Inc.

The application setup.exe by CloudCanvas has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer.
Publisher:
CloudCanvas, Inc.  (signed and verified)

MD5:
8e6541083b475b4344ea24afe8e2ac89

SHA-1:
8f78bf839a7f0c26667e5dc323eac0f65904bd06

SHA-256:
43940e7c33dc4b7bc205c8bf699290eb3782e91f8c01c0d04ca31f13f72ae5dd

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
4/19/2024 12:30:28 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:BHO-AMO [PUP]
2014.9-151119

Comodo Security
Heur.Suspicious
21364

Dr.Web
Adware.Plugin.36
9.0.1.0323

ESET NOD32
Win32/ExFriendAlert.A potentially unwanted
9.11300

G Data
Win32.Adware.Conduit
15.11.25

IKARUS anti.virus
PUA.ExFriendAlert
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.200.15223

Malwarebytes
PUP.Optional.ExFriendAlert.A
v2015.11.19.12

McAfee
Artemis!8E6541083B47
5600.6576

NANO AntiVirus
Riskware.Win32.Conduit.dgiaiz
0.30.0.296

Reason Heuristics
PUP.CloudCanvas.Installer (M)
15.11.19.12

VIPRE Antivirus
Conduit
38310

File size:
1 MB (1,091,032 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
CloudCanvas, Inc.

Authority:
GoDaddy.com, Inc.

Valid from:
3/1/2012 8:28:54 PM

Valid to:
3/1/2013 8:25:11 PM

Subject:
CN="CloudCanvas, Inc.", O="CloudCanvas, Inc.", L=Wilmington, S=DE, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4ED555C0E59DEC

File PE Metadata
Compilation timestamp:
6/6/2009 10:41:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:cZQM2iNYXEYfV+Jj/KSGdrfqLifhTygsrnq/njZQMH:cS3iNY0Yf8J7KSGdr/kgsrnkSs

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.9698

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.