home

ax3dengine.dll

AirTool

SIEN INTERNET PRODUCTS LTD

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The module ax3dengine.dll by SIEN INTERNET PRODUCTS has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer.
Publisher:
AirTool S.R.L.  (signed by SIEN INTERNET PRODUCTS LTD)

Product:
AirTool

Version:
1.0.2.1

MD5:
2cfefc7df0d291b2340f93dc81b262fe

SHA-1:
49b613ec2f0706c0b72999662b2909dc9f2297d3

SHA-256:
d14f8c2a16b1e3bed731c9dfad82143fd6082ab8592f1868487ec7b26df99a42

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
8/9/2025 6:05:39 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Sien.SIENINTERNETPRODUCTS.Bundler (M)
15.12.7.13

File size:
81.6 KB (83,576 bytes)

Product version:
1.0.2.1

Copyright:
Copyright (C) 2013

Original file name:
AirTool.exe

File type:
Dynamic link library (Win32 DLL)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\airtool\bin\ax3dengine.dll

Digital Signature
Signed by:
SIEN INTERNET PRODUCTS LTD

Authority:
GlobalSign nv-sa

Valid from:
6/18/2015 1:38:06 PM

Valid to:
6/18/2016 1:38:06 PM

Subject:
CN=SIEN INTERNET PRODUCTS LTD, O=SIEN INTERNET PRODUCTS LTD, L=London, S=LONDON, C=GB

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112197E7BBA82299D8F1DCEDCE8898C6F8C6

File PE Metadata
Compilation timestamp:
10/27/2015 9:17:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:K57KtvoxoZ7PdgShDtM4kkd3EDvtnnPOFyFz8xSLcQ2Z9A/A7:BdoxqzR1kd5YyFz8xS8V

Entry address:
0x138D

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B2, 18, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 28, A0, 00, 10, FF, 15, 18, 60, 00, 10, 85, C0, 75, 18, 56, E8, 56, 19, 00, 00, 8B, F0, FF, 15, 14, 60, 00, 10, 50, E8, 06, 19, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 4C, 61, 00, 10, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75...
 
[+]

Code size:
20 KB (20,480 bytes)

Remove ax3dengine.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.