airbd95.exe

Installer

The application airbd95.exe has been detected as a potentially unwanted program by 17 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from d1vcfkttd7h7ym.cloudfront.net. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product: Installer

Version: 1.0.0.0

MD5: 920a98d8014538e4e3b96bc8210373f9

SHA-1: 7b5c312c2791b30521728dc9ecf09d16cd48fdcb

SHA-256: 51feb8b7168461412e2c0243618323a1132aad00c91e9d6c1cb790f51e927ceb

Scanner detections: 17 / 68

Status: Potentially unwanted

Explanation: Injects advertising in the web browser in various formats.

Analysis date: 5/5/2024 10:20:58 PM UTC

Scan engine          | Detection                                   | Engine version
---------------------|---------------------------------------------|---------------
Agnitum Outpost      | PUA.Agent                                   | 7.1.1
Avira AntiVirus      | ADWARE/BrowseFox.Gen7                       | 8.3.1.6
avast!               | Win32:Adware-gen [Adw]                      | 2014.9-160106
AVG                  | Downloader                                  | 2017.0.2872
Baidu Antivirus      | Adware.MSIL.iBryte                          | 4.0.3.1616
Comodo Security      | ApplicUnwnt                                 | 22979
ESET NOD32           | MSIL/Adware.iBryte (variant)                | 10.12074
Fortinet FortiGate   | Adware/IBryte                               | 1/6/2016
K7 AntiVirus         | Adware                                      | 13.207.16843
Kaspersky            | not-a-virus:AdWare.MSIL.iBryte              | 14.0.0.855
McAfee               | Artemis!920A98D80145                        | 5600.6528
NANO AntiVirus       | Riskware.Win32.IBryte.dqikgx                | 0.30.24.3079
Panda Antivirus      | Generic Suspicious                          | 16.01.06.11
Qihoo 360 Security   | HEUR/QVM03.0.Malware.Gen                    | 1.0.0.1015
Rising Antivirus     | PE:Trojan.Win32.Generic.18327C8A!405961866  | 23.00.65.16104
Trend Micro          | TROJ_GEN.R02SC0OCR15                        | 10.465.06
VIPRE Antivirus      | iBryte                                      | 42788

File size: 1.6 MB (1,628,672 bytes)

Product version: 1.0.0.0

Copyright: Copyright © 2014

Original file name: Installer.exe

File type: Executable application (Win32 EXE)

Language: Language Neutral

Common path: C:\users\{user}\appdata\local\temp\airbd95.exe

File PE Metadata

Compilation timestamp: 3/3/2015 4:57:11 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 8.0

.NET CLR dependent: Yes

CTPH (ssdeep): 24576:ydfGdo/tg4BbzEZid5FWJjmcrZ9MXEfk3+rdOAeEl5lbNaP/WJbb2uZjAAmT/TSS:qggIwIJjD9M6h4MIPOJ/2UMAmK

Entry address: 0x18E479

Entry point: FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy: 7.9589

Developed / compiled with: Microsoft Visual C# / Basic .NET

Code size: 1.5 MB (1,623,552 bytes)

The file airbd95.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
