pidgin_setup.exe

Pidgin

Air Software

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application pidgin_setup.exe by Air Software has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
AirInstaller  (signed by Air Software)

Product:
Pidgin

Version:
1.0.0.5

MD5:
ed28962cfa5c996d45f8094b57512749

SHA-1:
d0e76f222c2df6d6c40e8f0608b05c0ba4750b0a

SHA-256:
87e4a6532b101887c63108e530ae29a65ec830ca3aa26fc20d571dcbecb17da5

Scanner detections:
4 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/19/2024 9:14:15 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Adware.Downware.90 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.AirInstaller | 11.5.0.6191
Norman | Gen:Variant.Application.Bundler.AirInstaller.4 | 02.04.2016 17:35:19
Reason Heuristics | PUP.Air Software.AirSoftw.Bundler (M) | 16.5.17.10

File size:
428.5 KB (438,784 bytes)

Product version:
1.0.0.0

Copyright:
(c) AirInstaller. All rights reserved.

Original file name:
Launcher.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pidgin_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/27/2011 12:00:00 AM

Valid to:
6/26/2012 11:59:59 PM

Subject:
CN=Air Software, O=Air Software, STREET=185-911 Yates St., STREET="Suite #327", L=Victoria, S=BC, PostalCode=V8V4Y9, C=CA

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C3BFAFF5374660A208126E655CBD3E13

File PE Metadata
Compilation timestamp:
11/16/2011 9:32:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:xJ+m8YHIt1/0hdLZ0VZSFklkKKZIqIdWDfKad0gV:xWcIt18bqDMM1KZIqVzKS0gV

Entry address:
0x2EC6E

Entry point:
E8, 80, 5F, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 90, A1, 45, 00, 75, 02, F3, C3, E9, 07, 60, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 61, 83, 7D, 08, 00, 75, 13, E8, 68, 33, 00, 00, 6A, 16, 5E, 89, 30, E8, 71, 62, 00, 00, 8B, C6, EB, 48, 83, 7D, 10, 00, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, F8, 18, 00, 00, 83, C4, 0C, EB, C7, FF, 75, 0C, 6A, 00, FF, 75, 08, E8, F6, 2F, 00, 00, 83, C4, 0C, 83, 7D, 10, 00, 74, BB, 39, 75, 0C, 73, 0E, E8, 1E, 33, 00, 00, 6A...
 

Entropy:
6.1960

Code size:
279 KB (285,696 bytes)
