home

installer_songr_french.exe

Songr

Download Assistant

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application installer_songr_french.exe, “Songr ” by Download Assistant has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Download Assistant   (signed by Download Assistant)

Product:
Songr

Description:
Songr

Version:
3.0.0.47

MD5:
e9fc4439a29a4414db3315c490d0122c

SHA-1:
e6f48ab2e134068ee69d7479e63ce635523f4120

SHA-256:
8ce8387d0f1ae5188808455e91b6016ad7c19c43ef12ea84bcaea325401776da

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications using the Vittalia monitization installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/28/2024 7:44:50 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.FX
803

Agnitum Outpost
Riskware.Agent
7.1.1

avast!
Win32:Adware-gen [Adw]
2014.9-141123

AVG
Generic
2015.0.3294

Bitdefender
Application.Bundler.FX
1.0.20.1635

Dr.Web
Trojan.Vittalia.3
9.0.1.0327

ESET NOD32
Win32/DownloadAssistant (variant)
8.10702

F-Secure
Application.Bundler.FX
11.2014-23-11_1

G Data
Win32.Application.DownloadAssistant
14.11.24

IKARUS anti.virus
PUA.DownloadAssistant
t3scan.1.8.3.0

K7 AntiVirus
Unwanted-Program
13.185.13965

Malwarebytes
PUP.Optional.DownloadAssistant
v2014.11.10.05

Reason Heuristics
PUP.Installer.DownloadAssistant.W
14.11.10.17

VIPRE Antivirus
Threat.4782985
34232

File size:
832.3 KB (852,312 bytes)

Product version:
3.0.0.47

Copyright:
(c) Download Assistant

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Digital Signature
Signed by:
Download Assistant

Authority:
VeriSign, Inc.

Valid from:
8/13/2014 2:00:00 AM

Valid to:
8/13/2016 1:59:59 AM

Subject:
CN=Download Assistant, O=Download Assistant, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6BC405E8AC962C676F54816BCC4D4311

File PE Metadata
Compilation timestamp:
11/10/2014 7:10:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:/pLGc/1HGsJEJ3aCsMk2gwPk5Dk4fJBtNVdc2EAZ:R6EFCsurkK4fLtYU

Entry address:
0x4C67F

Entry point:
E8, 4E, 1A, 01, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, E0, 3D, 4A, 00, 00, 74, 05, E9, B1, 1A, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6...
 
[+]

Code size:
466.5 KB (477,696 bytes)

The file installer_songr_french.exe has been seen being distributed by the following URL.

http://frall.filewin.com/.../download?p=FR-ADC&tmuid=ad447c743f66aa7329517adaa6bb94be

Remove installer_songr_french.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.