home

spuad2.exe

Setup Factory Runtime

MicroSmarts LLC

The application spuad2.exe, “Setup Application” by MicroSmarts has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Setup Factory installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.speeditupfree.com and multiple other hosts.
Publisher:
MicroSmarts LLC  (signed and verified)

Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.2.0.0

MD5:
02430809f8814866ad81a69e13cfc212

SHA-1:
0bdaeef43ebfcb38ae5f77b757a7d5970372a8c6

SHA-256:
fe1da35755cbb2dd2ee486dddcedcee9737df8bb02dbfa875cbd9de85427089e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/26/2024 10:32:09 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Installer.MicroSmarts.G
14.2.16.4

File size:
1.7 MB (1,814,168 bytes)

Product version:
9.2.0.0

Copyright:
Setup Engine Copyright © 2004-2013 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\spuad2.exe

Digital Signature
Signed by:
MicroSmarts LLC

Authority:
VeriSign, Inc.

Valid from:
1/26/2011 12:00:00 AM

Valid to:
2/6/2014 11:59:59 PM

Subject:
CN=MicroSmarts LLC, OU=Software Division, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=MicroSmarts LLC, L=Olympia Fields, S=Illinois, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56BEC1881B0222777E8F497DF216DBFC

File PE Metadata
Compilation timestamp:
8/27/2013 8:10:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:fR2X6pymME2HAD/W5Rsleo+PWceamd6uIccB:fhIm0gDHMxJmd6uxcB

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...
 
[+]

Code size:
22 KB (22,528 bytes)

The file spuad2.exe has been seen being distributed by the following 2 URLs.

http://www.speeditupfree.com/.../upgradepath.exe

http://www.secure-ordercenter.com/.../upgradepath.exe

Remove spuad2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.