setup.exe

Download Manager

Air Software

The application setup.exe by Air Software uses the Air Installer distribution platform (a pay-per-install monetization download manager) to bundle unwanted software such as adware and browser toolbars during setup. It has been detected as adware by 30 anti-malware scanners. The program is a setup application built on the AirInstaller Download Manager installer, and it installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from cdn.airdwnlds.com.
Publisher:
AirInstaller Inc.  (signed by Air Software)

Product:
Download Manager

Version:
2.0.3.2

MD5:
edb75c33c010bc126391e1d116bfdd2d

SHA-1:
2d3a6f0c18de4e2d041edf06a986fdda12699509

SHA-256:
1b822928ef531e5a03561934a2e2330cb619ce17f981cfb400f1eb214ef8fe70

Scanner detections:
30 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/6/2024 3:26:38 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.AirInstaller.4 | 454 |
| Agnitum Outpost | PUA.AirAd | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.218.148 |
| avast! | Win32:Adware-CAH [PUP] | 2014.9-151108 |
| Bitdefender | Gen:Variant.Application.Bundler.AirInstaller.4 | 1.0.20.1560 |
| Bkav FE | W32.Clod2fc.Trojan | 1.3.0.4261 |
| Comodo Security | Application.Win32.AirAdInstaller.A | 21466 |
| Dr.Web | Adware.Downware.624 | 9.0.1.0312 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.AirInstaller | 8.15.11.08.10 |
| ESET NOD32 | Win32/AirAdInstaller.A potentially unwanted (variant) | 9.11347 |
| Fortinet FortiGate | Riskware/AirInstaller | 11/8/2015 |
| F-Prot | W32/AirInstall.A7.gen | v6.4.6.5.141 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2015-08-11_1 |
| G Data | Gen:Variant.Application.Bundler.AirInstaller | 15.11.25 |
| IKARUS anti.virus | PUA.AirAdInstaller | t3scan.1.8.6.0 |
| K7 AntiVirus | Unwanted-Program | 13.202.15316 |
| Malwarebytes | PUP.Optional.AirInstaller | v2015.11.08.10 |
| McAfee | Artemis!1FD78BE53C8D | 5600.6588 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.AirInstaller.4 | 16.0.0.936 |
| NANO AntiVirus | Trojan.Win32.Downware.danzul | 0.30.8.659 |
| Norman | Gen:Variant.Application.Bundler.AirInstaller.4 | 11.20151108 |
| Panda Antivirus | Adware/AirInstaller | 15.11.08.10 |
| Quick Heal | Adware.AirAdInstaller.I5 | 11.15.14.00 |
| Reason Heuristics | PUP.Air Software.AirSoftware.Bundler (M) | 15.11.8.10 |
| Rising Antivirus | PE:PUF.Airinstall!1.9C4C | 23.00.65.151106 |
| Sophos | AirInstaller | 4.98 |
| Trend Micro House Call | HV_ZYX_BK0841DD.TOMC | 7.2.312 |
| Vba32 AntiVirus | AdWare.AirAdInstaller | 3.12.26.3 |
| VIPRE Antivirus | AirInstaller | 38580 |
| Zillya! Antivirus | Adware.AirAdInstaller.Win32.862 | 2.0.0.2166 |

File size:
927.7 KB (949,928 bytes)

Product version:
2.0.3.2

Copyright:
(c) AirInstaller. All rights reserved.

Original file name:
AirInstallerOne.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/29/2012 7:00:00 PM

Valid to:
3/1/2013 6:59:59 PM

Subject:
CN=Air Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Air Software, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
36D5AA8967E82240D5AFEC2F301B54ED

File PE Metadata
Compilation timestamp:
8/30/2012 6:43:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:FqoPoZ7gsHVe0lclvCPjsYCADtjAKFVdc3fKTfXL/21/pGiAC53T+d2i7Hn:FjAh1eYclvCPjNAKevMXkJAC53TG7Hn

Entry address:
0x220CC0

Entry point:
60, BE, 00, E0, 53, 00, 8D, BE, 00, 30, EC, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.8873

Packer / compiler:
UPX 2.90LZMA

Code size:
908 KB (929,792 bytes)

The file setup.exe has been seen being distributed by the following URL.
