Setup.exe

OSU

Hudson Exchange Group, LLC

The file Setup.exe, “Open Software Updater” by Hudson Exchange Group, has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser. The file has been seen being downloaded from secure.1-fusioninstall.com and multiple other hosts.
Publisher:
${COMP_NAME}  (signed by Hudson Exchange Group, LLC)

Product:
OSU

Description:
Open Software Updater

Version:
3.1.0.0

MD5:
a1263b472586712c3786aba458bcc9cf

SHA-1:
f4bd7c0066f171a929838626b24ac7f21001770f

SHA-256:
f36fbf83f0d5c8b04be4e406a06812444a593932aacd37a8a0f68c522aa849d8

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 12:45:38 PM UTC  (today)

Scan engine | Detection | Engine version
Dr.Web | Adware.Downware.11268 | 9.0.1.05190
ESET NOD32 | multiple threats | 7.0.302.0
Qihoo 360 Security | HEUR/QVM40.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Installer.HudsonExchangeGroup | 15.5.3.0
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.15416
VIPRE Antivirus | Threat.5224003 | 45468

File size:
480.5 KB (492,024 bytes)

Copyright:
Copyright 2015

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/10/2015 6:00:00 PM

Valid to:
10/31/2016 6:59:59 PM

Subject:
CN="Hudson Exchange Group, LLC", O="Hudson Exchange Group, LLC", L=Woodcliff Lake, S=New Jersey, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
5B78F4208F4D587B6FA9A6AF8EC8FD12

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:o+idg2+HDG5YHb7dOueklSu8ZPycLjKQ93qvR7kj3:ota2+HDG5YHbJcrxZqCjqvR7k

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9001

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file Setup.exe has been seen being distributed by the following 4 URLs.

http://secure.1-fusioninstall.com/201403050052/672E455D1EB99697D33098D9613B99D9/.../Setup.exe
