airc223.exe

Sara Kodama Project

This adware is a web browser extension that injects advertising into the browser in the form of unwanted banners and text links, which may lead to malware sites and install further unwanted software. The application airc223.exe, signed by Sara Kodama Project, has been detected as adware by 1 of 68 anti-malware scanners; that single detection comes from the site's own heuristics engine (see the scan table below), which rates the file as a potential threat. The program is a setup application built with the Nullsoft Install System (NSIS) installer, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from dl.newinputinfoservice.com, and it is distributed as part of the Brightcircle group of browser extensions. Note that the publisher, description, copyright and trademark strings in the file's version resource (shown below) appear to be randomly generated text rather than real names.
Publisher:
Czysfnm & co.  (signed by Sara Kodama Project)

Description:
Pwjlx

Version:
8.23.11.6

MD5:
9feb9ce0353a1db8127c129c94d5fa40

SHA-1:
59148d17d4c6b917d8f6247ee0adcd7224f5ab11

SHA-256:
7ccf725483029f9ee44b84eb8f3181efbb0e19f2a4481ef8c7e9fa0fb4086357

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of third-party anti-malware engines has not detected this file; however, based on our own detection heuristics we consider it unwanted.

Analysis date:
5/1/2024 8:37:34 PM UTC

Scan engine          Detection              Engine version
Reason Heuristics    PUP.Brightcircle (M)   17.2.19.1

File size:
11.3 MB (11,841,384 bytes)

Copyright:
Copyright Yjielm

Trademarks:
Drjzakpqivpx is a trademark of Oydxjbwr

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\airc223.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/19/2014 12:00:00 PM

Valid to:
10/20/2015 11:59:59 AM

Subject:
CN=Sara Kodama Project, O=Sara Kodama Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
75E47031A737D2A200F0C7A94034399F

File PE Metadata
Compilation timestamp:
12/4/2012 1:55:11 AM  (this predates the signing certificate's validity period; for an NSIS package the PE timestamp is the build date of the precompiled installer stub, not of the package itself)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

Entry address:
0x412D

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 73, 45, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 74, 45, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 74, 45, 00, 56, A3, F4, E7, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 50, E8, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, 74, 45, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...

Entropy:
7.9994  (probably packed; note that an NSIS installer carries its payload as a compressed archive, so near-maximum entropy is expected for this file type and is not by itself evidence of a packer)

Code size:
33.5 KB (34,304 bytes)
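The hashes, entropy and PE header values listed in this report can be recomputed locally before acting on them. The following script is an added example, not code from Reason Core Security: it recomputes the three hashes and requires all of them to match (never MD5 alone), measures Shannon entropy, and reads the standard PE headers to recover the entry-point RVA, linker version, compile timestamp and the first bytes at the entry point, comparing each with the report. The first twelve entry-point bytes from the report decode to push ebp; mov ebp,esp; push edi; push esi; push ebx; sub esp,0x1AC, a GCC/MinGW-style prologue consistent with the GNU linker 2.22 listed above. Because the real installer is not available offline, `build_sample_pe` constructs a PE-shaped buffer (not a runnable executable) that carries the report's header values; the hash comparison is therefore expected to fail on it.

```python
"""Offline triage helpers for a file report like this one.
Added example, not Reason Core Security's code; uses only the standard library."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "9feb9ce0353a1db8127c129c94d5fa40",
    "sha1": "59148d17d4c6b917d8f6247ee0adcd7224f5ab11",
    "sha256": "7ccf725483029f9ee44b84eb8f3181efbb0e19f2a4481ef8c7e9fa0fb4086357",
}
REPORT_ENTRY_RVA = 0x412D
# First twelve entry-point bytes from the report:
# push ebp; mov ebp,esp; push edi; push esi; push ebx; sub esp,0x1AC
REPORT_ENTRY_PREFIX = bytes.fromhex("5589E557565381ECAC010000")

def file_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def matches_report(data: bytes) -> bool:
    """Require all three hashes to agree; never match on MD5 alone."""
    return file_hashes(data) == REPORT_HASHES

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; compressed or encrypted data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def parse_pe(data: bytes) -> dict:
    """Minimal PE32/PE32+ header reader following the documented header layout."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4                       # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    timestamp = struct.unpack_from("<I", data, coff + 4)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                           # optional header
    magic, ld_major, ld_minor = struct.unpack_from("<HBB", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    sections = []
    for i in range(num_sections):             # section headers are 40 bytes each
        name, vsize, va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + size_opt + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr})
    return {"bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, f"unknown {magic:#x}"),
            "linker": f"{ld_major}.{ld_minor}",
            "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc),
            "entry_rva": entry_rva, "sections": sections}

def rva_to_offset(pe: dict, rva: int) -> int:
    """Map a virtual address to a file offset through the section table."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s["rawptr"] + (rva - s["va"])
    raise ValueError(f"RVA {rva:#x} not in any section")

def entry_bytes(data: bytes, count: int = 12) -> bytes:
    pe = parse_pe(data)
    return data[rva_to_offset(pe, pe["entry_rva"]):][:count]

def build_sample_pe(entry_rva: int = REPORT_ENTRY_RVA,
                    entry_code: bytes = REPORT_ENTRY_PREFIX) -> bytes:
    """Constructed PE-shaped buffer (not the real installer, not runnable)
    carrying the report's header values so the parser can be exercised offline."""
    text_va, text_raw = 0x1000, 0x400
    buf = bytearray(text_raw + (entry_rva - text_va) + 0x100)
    buf[0:2] = b"MZ"
    e_lfanew = 0x80
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    coff = e_lfanew + 4
    compiled = int(datetime(2012, 12, 4, 1, 55, 11, tzinfo=timezone.utc).timestamp())
    struct.pack_into("<HHI", buf, coff, 0x14C, 1, compiled)   # i386, one section, timestamp
    struct.pack_into("<H", buf, coff + 16, 0xE0)               # PE32 optional header size
    opt = coff + 20
    struct.pack_into("<HBB", buf, opt, 0x10B, 2, 22)           # PE32 magic, linker 2.22
    struct.pack_into("<I", buf, opt + 16, entry_rva)
    raw_len = len(buf) - text_raw
    struct.pack_into("<8sIIII", buf, opt + 0xE0, b".text", raw_len, text_va, raw_len, text_raw)
    off = text_raw + (entry_rva - text_va)
    buf[off:off + len(entry_code)] = entry_code
    return bytes(buf)

def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    return {"hashes_match_report": matches_report(data),
            "entropy": round(shannon_entropy(data), 4),
            "entry_rva_matches": pe["entry_rva"] == REPORT_ENTRY_RVA,
            "entry_bytes_match": entry_bytes(data) == REPORT_ENTRY_PREFIX,
            "bitness": pe["bitness"], "linker": pe["linker"],
            "compiled": pe["compiled"].isoformat()}

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print(f"{k}: {v}")
```

Run it with the path to a suspect file as the only argument; with no argument it triages the constructed sample, for which the header checks succeed and the hash check fails, as intended. On a real NSIS installer, expect the entropy near 8 regardless of whether the stub is packed, since the compressed payload dominates the file.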

The file airc223.exe has been seen being distributed by the following URL.

http://dl.newinputinfoservice.com/virt/.../sms15.exe

Remove airc223.exe - Powered by Reason Core Security