air64a4.exe

SettingsManager

AZTEC MEDIA INC.

The application air64a4.exe, “Settings Manager Install” by AZTEC MEDIA INC, has been detected as adware by 12 anti-malware scanners. It is a setup program built with the NSIS (Nullsoft Scriptable Install System) installer and is typically executed from the user's temporary directory. The file has been seen being downloaded from download.cdn.aztecbe.com.
Publisher:
Aztec Media Inc  (signed by AZTEC MEDIA INC.)

Product:
SettingsManager

Description:
Settings Manager Install

Version:
5.0.0.13542

MD5:
a917ba248ddfe39cc0ff04d61ff9acc7

SHA-1:
f1156058331e89a8c55af4271e3d406b8f3fddfe

SHA-256:
c2721f42f7bc90d187dc1c991d9beacba66b45d2cd818e2172c39068d66d4f89

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
5/21/2024 3:42:57 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Baidu Antivirus | Adware.Win32.SearchSuite | 4.0.3.1488 |
| F-Prot | W32/SearchSuite.A.gen | v6.4.7.1.166 |
| G Data | Win32.Application.AztecSystemK | 14.8.24 |
| herdProtect (fuzzy) | | 2014.10.7.11 |
| IKARUS anti.virus | PUA.Toolbar.SearchSuite | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:WebToolbar.Win64.SearchSuite | 14.0.0.3436 |
| Malwarebytes | PUP.Optional.Linkey.A | v2014.08.08.05 |
| McAfee | Artemis!A917BA248DDF | 5600.7044 |
| Panda Antivirus | Trj/Chgt.C | 14.08.08.05 |
| Reason Heuristics | PUP.APN.Installer.H | 14.8.8.17 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10346 |
| Trend Micro House Call | Suspicious_GEN.F47V0806 | 7.2.220 |

File size:
8.2 MB (8,571,912 bytes)

Product version:
5.0.0.13542

Copyright:
Copyright (c) 2005 - 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\air64a4.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
1/28/2014 6:00:00 PM

Valid to:
5/19/2015 6:59:59 PM

Subject:
CN=AZTEC MEDIA INC., OU=Development, O=AZTEC MEDIA INC., L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7DE0D719BBAF922D3A980DBD523B959A

File PE Metadata
Compilation timestamp:
5/30/2013 3:09:10 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:KwvMN2n6zUew6hEGBgxbNWsvu7+VbYim6QLmhQaI/t9cdEt:zvMN2nteFxg/Nu7+VbFVE/UdEt

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, A1, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, B8, 3E, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 3D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, A3, 40, 00, FF, 15, 80, 91, 40, 00, 68, 04, A3, 40, 00, 68, C0, BD, 46, 00, E8, 8F, 27, 00, 00, FF, 15, B4, 90, 40, 00, 50, BF, A0, 40, 4C, 00, 57, E8, 7D, 27, 00, 00...
 

Entropy:
7.9996

Packer / compiler:
Nullsoft install system v2.x

Code size:
28.5 KB (29,184 bytes)

The file air64a4.exe has been seen being distributed by the following URL.
