File Behavior
SDSETUP.EXE has been seen to perform the following behavior:
- The Process is polymorphic and can change its structure
- Executes Processes stored in Temporary Folders
- Executes a Process
- Writes to another Process's Virtual Memory (Process Hijacking)
- Adds a Registry Key (RUNONCE) to auto start Programs on system start up
- This Process Creates Other Processes On Disk
- This Process Deletes Other Processes From Disk
SDSETUP.EXE has been the subject of the following behavior:
- Created as a process on disk
- Deleted as a process from disk
- Executed as a Process
- Executed by Internet Explorer
- Has code inserted into its Virtual Memory space by other programs
- Victim of a Heap Based Buffer Overflow Exploit
- Registered as a Dynamic Link Library File
- Terminated as a Process
- Executed from Temporary Folders
Country Of Origin
The filename SDSETUP.EXE was first seen on Feb 21 2008 in the following geographical regions of the Prevx community:
- SPAIN on Feb 21 2008
- The EUROPEAN UNION on Mar 19 2008
File Name Aliases
SDSETUP.EXE can also use the following file names:
- CSI610B.TMP
- SPYWAREDOCTOR.5.5.0.212[TODOCVCD]POR.PAPAITOLOCO/SPYWARE.DOCTOR.V5.5.0.212.EXE
- SPYWARE DOCTOR 5.5.0.212 (UPDATEABLE)+PATCH-HEARTBUG/SDSETUP.EXE
- SPYWARE DOCTOR 5.5.0.212.EXE
- SPYWARE.DOCTOR.V5.5.0.212.EXE
- SDSETUP[1].EXE
- SDSETUP[2].EXE
- NGRM9AOI.EXE.PART
- SDSETUP(2).EXE
- SPYWAREDOCTERSETUP.EXE
- 35228798.EXE
- 27237019.EXE
- 99670477.EXE
- SPYWARE DOCTOR.EXE
- 89376551.EXE
- SDSETUP(3).EXE
- DC1.EXE
- DC3.EXE
- DC4.EXE
- 34618215.EXE
- 98276673.EXE
- SPYWARE DOCTOR 6.EXE
- SDSETUP(4).EXE
- 13111132.EXE
- CSI15.TMP
Filesizes
The following file sizes have been seen:
- 10,000,000 bytes
- 5,954,422 bytes
- 13,562,360 bytes
- 9,485,963 bytes
- 13,425,152 bytes
Vendor, Product and Version Information
Files with the name SDSETUP.EXE have been seen to have the following Vendor, Product and Version Information in the file header:
- PC Tools; Spyware Doctor Setup; 5.5.0.212
- PC Tools; Spyware Doctor Setup;
- PC Tools; Spyware Doctor Setup; 6.0.0.362
- Microsoft Corporation; Auto-extrator de arquivo de gabinete Win32; 6.00.2900.5512
- PC Tools; Spyware Doctor Setup; 5.5.0.204
File Type
The filename SDSETUP.EXE is used by multiple object types including executable programs, objects.