ainjectr.exe

Statscom

This is the Tightrope WebInstall, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application ainjectr.exe by Statscom has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Tightrope WebInstall installer.
Publisher:
Statscom  (signed and verified)

MD5:
d424fc62e1e2ef315f4d52001b0983f2

SHA-1:
5a2ed9ab3481228fbf2c1a42ff726561f7cc2031

SHA-256:
09cdca2a7a6ff55f42d0263e3ce81ad74f9a20ed23b126e72beaa8b926b7c62f

Scanner detections:
14 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 1:26:14 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.178.170 |
| AVG | Generic | 2015.0.3311 |
| Baidu Antivirus | Adware.Win32.DownloadAdmin | 4.0.3.141025 |
| Comodo Security | ApplicUnwnt | 19812 |
| Dr.Web | Trojan.DownLoader11.33656 | 9.0.1.0298 |
| ESET NOD32 | Win32/DownloadAdmin | 8.10569 |
| Fortinet FortiGate | Riskware/DownloadAdmin | 10/25/2014 |
| F-Secure | Adware:W32/WebInstallBundle | 11.2014-25-10_7 |
| Malwarebytes | PUP.Optional.DownloadAdmin | v2014.10.25.07 |
| Reason Heuristics | PUP.Statscom.I | 14.10.25.7 |
| Sophos | Generic PUA FK | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0906 | 7.2.298 |
| VIPRE Antivirus | Trojan.Win32.Generic | 33952 |

File size:
916.2 KB (938,200 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Tightrope WebInstall (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\ainjectr.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/22/2014 7:00:00 AM

Valid to:
7/22/2017 6:59:59 AM

Subject:
CN=Statscom, O=Statscom, L=SAN FRANCISCO, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
168FC1E941808849273C2F629E69FF2D

File PE Metadata
Compilation timestamp:
6/17/2014 10:35:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:WxpJMyVWJ0q4kfS6wKhmcRf6vEh7+KAFgtp51idtDWEqOWtVr2/NoPH483:ipanJ0ZkKIh7mFgfidtDWEn20/Not

Entry address:
0x3341

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, B0, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, C0, 70, 40, 00, 53, FF, 15, 88, 72, 40, 00, 6A, 08, A3, F8, 24, 7A, 00, E8, 2C, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, 00, 24, 7A, 00, 8D, 44, 24, 38, 50, 53, 68, 43, 74, 40, 00, FF, 15, 64, 71, 40, 00, 68, 38, 74, 40, 00, 68, 00, 1C, 7A, 00, E8, 1D, 24, 00, 00, FF, 15, BC, 70, 40, 00, 50, BF, 00, 80, 7A, 00, 57, E8, 0B, 24, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
