home

angry birds setup.exe

I.T.N.T. SRL

This the Soft32 ad-supported download manager that bundles additional PUP offers. "During the download process we may show commercial offers, such as a toolbar or other browser add-ons. The download manager is in no way affiliated or endorsed by the author of this product." The application angry birds setup.exe by I.T.N.T. SRL has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Soft32 Download Manager installer. The file has been seen being downloaded from angry-birds.soft32.com.
Publisher:
I.T.N.T. SRL  (signed and verified)

Version:
1.0.0.0

MD5:
d1ff07ecedc3b95fe452e9b980245245

SHA-1:
55fee6f35fc94ada90d5a40633a323c528ebee6b

SHA-256:
bcadfa4c53d22bcb0bad47a6bbd76e5422ad9aeab17b7990bbd7b09986c574e9

Scanner detections:
16 / 68

Status:
Adware

Explanation:
The setup file is part of the Soft32.com download and install manager. It is an ad-supported installer and attempts to get the user to install various adware toolbars, browser add-ons, game applications or other potentially unwanted programs. If a sponsored software offer such as a toolbar is installed it might change the User’s home page, default search settings and 404 traffic. Note, the software installed by Soft32 is probably safe, just the installer is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/25/2024 8:52:20 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Soft32Downloader
7.1.1

AhnLab V3 Security
Adware/Win32.Bundler
2015.06.19

Avira AntiVirus
APPL/Downware.AK
8.3.1.6

Comodo Security
Application.Win32.Agent.S
22492

Dr.Web
Adware.Downware.10466
9.0.1.05190

ESET NOD32
Win32/Soft32Downloader.C potentially unwanted application
7.0.302.0

Fortinet FortiGate
Riskware/Soft32Downloader
6/18/2015

F-Prot
W32/Soft32Download.A.gen
4.6.5.141

K7 AntiVirus
Trojan
13.205.16287

Malwarebytes
PUP.Optional.AdBundle
v2015.06.18.12

NANO AntiVirus
Riskware.Win32.Downloader.cvxhzw
0.30.24.2086

Quick Heal
PUA.Itntsrl.Gen
6.15.14.00

Reason Heuristics
PUP.Downloader.Bundler.Soft32.Installer
15.6.18.8

Rising Antivirus
PE:PUF.Soft32Downloader!1.9C52
23.00.65.15616

Trend Micro House Call
HV_ZYX_BK0846A5.TOMC
7.2.169

VIPRE Antivirus
Threat.4783370
40828

File size:
877.3 KB (898,400 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Soft32 Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\angry birds setup.exe

Digital Signature
Signed by:
I.T.N.T. SRL

Authority:
VeriSign, Inc.

Valid from:
1/26/2012 12:00:00 AM

Valid to:
3/22/2015 11:59:59 PM

Subject:
CN=I.T.N.T. SRL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=I.T.N.T. SRL, L=Sibiu, S=Sibiu, C=RO

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2C5182859A028A663B668C63FE5C1CD7

File PE Metadata
Compilation timestamp:
10/17/2012 1:53:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:hefrRpwxleHv3Imby4aJIAZxHSwVXiBSViJ2+e4bmxBzqWVqqVt08hclPOXK0eT2:awDiwmviIAZl3yN4Cyz5F+P10o9

Entry address:
0x2A16B0

Entry point:
60, BE, 00, 40, 5D, 00, 8D, BE, 00, D0, E2, FF, C7, 87, 34, 7C, 21, 00, BB, 44, 16, 19, 57, 83, CD, FF, EB, 0E, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Entropy:
7.8878

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub

Code size:
824 KB (843,776 bytes)

The file angry birds setup.exe has been seen being distributed by the following URL.

http://angry-birds.soft32.com/get/file/.../799862?gclid=CKXWo4-SibMCFURxQgodOVgAiQ&

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-54-235-254-52.compute-1.amazonaws.com  (54.235.254.52:80)

Remove angry birds setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.