setup.exe

</h4> <h3>Air Software</h3> <div style="margin-top: 15px; margin-bottom: 25px;" id="summary">This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Air Software has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.</div> <div class="keyvaluepairs"> <div id="sectnav-overview" data-nav="nav-overview" class="keyvaluepair navsection" style="margin-top: 15px;"><div class="key">File name:</div><div class="value">setup.exe</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Publisher:</div><div class="value">AirInstaller Inc.  (<span class="arevnounder" onclick="$('html,body').animate({scrollTop: $('#kvp-Signer').offset().top - 68}, 'normal');">signed by Air Software</span>)</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Product:</div><div class="value"><TITLE> </div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Version:</div><div class="value">2.0.3.13</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">MD5:</div><div class="value">69639dfa1ae38b3849a6de1b3368c414</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">SHA-1:</div><div class="value">c957e8c35e9b0cd8247e0dbc9eb080e2a4966db4</div><br style="clear:both;"></div> <div class="keyvaluepair keyvaluepair-last"><div class="key">SHA-256:</div><div class="value">db936cbf0c177e7ea7c1aa3bbb03dc158eecd47a67589a4946f8994a41146cf9</div><br style="clear:both;"></div> <div id="sectnav-analysis" data-nav="nav-analysis" class="header navsection">Analysis</div> <div 
class="keyvaluepair"><div class="key">Scanner detections:</div><div class="value"><span class="text-red">26 / 68</span></div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Status:</div><div class="value"><span class="text-red text-bold">Adware</span></div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Description:</div><div class="value" style="color: #777777;">This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.</div><br style="clear:both;"></div> <div class="keyvaluepair keyvaluepair-last"><div class="key">Analysis date:</div><div class="value">4/19/2024 10:56:25 AM UTC</div><br style="clear:both;"></div> <div class="keyvaluepair" style="font-size: 11px; color: #999999;"><div class="analysis-engine">Scan engine</div><div class="analysis-result">Detection</div><div class="analysis-engineversion">Engine version</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-ad-aware">Lavasoft Ad-Aware</div><div class="analysis-result text-red">Gen:Variant.Application.Bundler.AirInstaller.4</div><div class="analysis-engineversion">407</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-agnitum">Agnitum Outpost</div><div class="analysis-result text-red">PUA.AirAd</div><div class="analysis-engineversion">7.1.1</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-antivir">Avira AntiVirus</div><div class="analysis-result text-red">Adware/AirAdInstaller.AB</div><div class="analysis-engineversion">7.11.148.6</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon 
engineicon-avast">avast!</div><div class="analysis-result text-red">Win32:Adware-CAH [PUP]</div><div class="analysis-engineversion">2014.9-151225</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-bitdefender">Bitdefender</div><div class="analysis-result text-red">Gen:Variant.Application.Bundler.AirInstaller.4</div><div class="analysis-engineversion">1.0.20.1795</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-bkav">Bkav FE</div><div class="analysis-result text-red">W32.HfsAdware</div><div class="analysis-engineversion">1.3.0.6267</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-comodo">Comodo Security</div><div class="analysis-result text-red">Application.Win32.AirAdInstaller.B</div><div class="analysis-engineversion">19074</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-drweb">Dr.Web</div><div class="analysis-result text-red">Adware.Downware.624</div><div class="analysis-engineversion">9.0.1.0359</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-emsisoft">Emsisoft Anti-Malware</div><div class="analysis-result text-red">Gen:Variant.Application.Bundler.AirInstaller</div><div class="analysis-engineversion">8.15.12.25.08</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-eset">ESET NOD32</div><div class="analysis-result text-red">Win32/AirAdInstaller.A potentially unwanted application</div><div class="analysis-engineversion">9.7.0.302.0</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-f-prot">F-Prot</div><div class="analysis-result">W32/AirInstall.A7.gen</div><div class="analysis-engineversion">v6.4.6.5.141</div><br 
style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-f-secure">F-Secure</div><div class="analysis-result text-red">Riskware.Gen:Variant.Application.Bundler</div><div class="analysis-engineversion">11.2015-25-12_6</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-gdata">G Data</div><div class="analysis-result text-red">Win32.Adware.Airadinstaller</div><div class="analysis-engineversion">15.12.24</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-ikarus">IKARUS anti.virus</div><div class="analysis-result text-red">AdWare.AirAdInstaller</div><div class="analysis-engineversion">t3scan.1.6.1.0</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-k7antivirus">K7 AntiVirus</div><div class="analysis-result text-red">Unwanted-Program </div><div class="analysis-engineversion">13.186.14309</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-malwarebytes">Malwarebytes</div><div class="analysis-result text-red">PUP.Optional.Bundle</div><div class="analysis-engineversion">v2015.12.25.08</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-microworld">MicroWorld eScan</div><div class="analysis-result text-red">Gen:Variant.Application.Bundler.AirInstaller.4</div><div class="analysis-engineversion">16.0.0.1077</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-nano-antivirus">NANO AntiVirus</div><div class="analysis-result text-red">Riskware.Win32.Downware.degjbm</div><div class="analysis-engineversion">0.28.2.61942</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-norman">Norman</div><div class="analysis-result 
text-red">Gen:Variant.Application.Bundler.AirInstaller.4</div><div class="analysis-engineversion">11.20151225</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-panda">Panda Antivirus</div><div class="analysis-result text-red">Adware/AirInstaller</div><div class="analysis-engineversion">15.12.25.08</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-quickheal">Quick Heal</div><div class="analysis-result text-red">Adware.AirAdInstaller.I5</div><div class="analysis-engineversion">12.15.14.00</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-reason">Reason Heuristics</div><div class="analysis-result text-red">PUP.Air Software.AirSoftware.Bundler (M)</div><div class="analysis-engineversion">15.12.25.8</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-rising">Rising Antivirus</div><div class="analysis-result text-red">PE:PUF.Airinstall!1.9C4C</div><div class="analysis-engineversion">23.00.65.151223</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-sophos">Sophos</div><div class="analysis-result text-red">AirInstaller</div><div class="analysis-engineversion">4.98</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="analysis-engine engineicon engineicon-vipre">VIPRE Antivirus</div><div class="analysis-result text-red">Threat.4782985</div><div class="analysis-engineversion">31208</div><br style="clear:both;"></div> <div class="keyvaluepair keyvaluepair-last"><div class="analysis-engine engineicon engineicon-zillya">Zillya! 
Antivirus</div><div class="analysis-result text-red">Trojan.BlackGen.Win32.8</div><div class="analysis-engineversion">2.0.0.2215</div><br style="clear:both;"></div> <div id="sectnav-details" data-nav="nav-details" class="header navsection">File Details</div> <div class="keyvaluepair"><div class="key">File size:</div><div class="value">2.1 MB (2,156,184 bytes)</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Product version:</div><div class="value">2.0.3.13</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Copyright:</div><div class="value">(c) AirInstaller. All rights reserved.</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Original file name:</div><div class="value">AirInstaller.exe</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">File type:</div><div class="value">Executable application (Win32 EXE)</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Bundler/Installer:</div><div class="value">AirInstaller Download Manager</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Language:</div><div class="value">English (United States)</div><br style="clear:both;"></div> <div class="keyvaluepair keyvaluepair-last"><div class="key">Common path:</div><div class="value" style="word-wrap: break-word;">C:\users\{user}\downloads\setup.exe</div><br style="clear:both;"></div> <div id="kvp-Signer" class="subheader">Digital Signature</div> <div class="keyvaluepair"><div class="key">Signed by:</div><div class="value"><a href="/signer-air-software-36d5aa8967e82240d5afec2f301b54ed.aspx">Air Software</a></div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Authority:</div><div class="value">VeriSign, Inc.</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Valid from:</div><div class="value">2/29/2012 6:00:00 PM</div><br style="clear:both;"></div> <div 
class="keyvaluepair"><div class="key">Valid to:</div><div class="value">3/1/2013 5:59:59 PM</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Subject:</div><div class="value">CN=Air Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Air Software, L=Victoria, S=British Columbia, C=CA</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Issuer:</div><div class="value">CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</div><br style="clear:both;"></div> <div class="keyvaluepair keyvaluepair-last"><div class="key">Serial number:</div><div class="value">36D5AA8967E82240D5AFEC2F301B54ED</div><br style="clear:both;"></div> <div class="subheader">File PE Metadata</div> <div class="keyvaluepair"><div class="key">Compilation timestamp:</div><div class="value">11/7/2012 5:53:33 PM</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">OS version:</div><div class="value">5.1</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">OS bitness:</div><div class="value">Win32</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Subsystem:</div><div class="value">Windows GUI</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Linker version:</div><div class="value">10.0</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">CTPH (ssdeep):</div><div class="value" style="word-wrap: break-word;">49152:YdTxnTG32id4Btsf3I1fSMuxM9O0UCeHWKfn9ZNDDrgLJ4ah4nnGBKb8G6Oca:YLk2id4BtOI1fSA9O0UCxKfn9bDrgLJy</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Entry address:</div><div class="value">0x1432F2</div><br style="clear:both;"></div> <div id="divPEEntryPointBuffer" class="keyvaluepair" style="height: 20px; overflow: hidden;"><div class="key">Entry point:</div><div 
class="value" style="font-family: Monospace; color: #666666; font-size: 12px; position: relative;">E8, DF, 93, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, B0, 9D, 5D, 00, 75, 02, F3, C3, E9, 66, 94, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 41, 83, 7D, 08, 00, 75, 13, E8, ED, 22, 00, 00, 6A, 16, 5E, 89, 30, E8, D4, 96, 00, 00, 8B, C6, EB, 2A, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 0E, E8, CF, 22, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, DE, 50, FF, 75, 10, FF, 75, 08, E8, EA, 11, 00, 00, 83, C4, 0C, 33, C0, 5E, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8...</div><br style="clear:both;"></div> <div class="keyvaluepair"><div class="key">Entropy:</div><div class="value">6.4896</div><br style="clear:both;"></div> <div class="keyvaluepair keyvaluepair-last"><div class="key">Code size:</div><div class="value">1.5 MB (1,539,072 bytes)</div><br style="clear:both;"></div> <div id="sectnav-resourceurls" data-nav="nav-resourceurls" class="header navsection">Downloads</div> <div class="keyvaluepair"><div class="descr">The file setup.exe has been seen being distributed by the following URL.</div><br style="clear:both;"></div> <div class="keyvaluepair keyvaluepair-last"><div class="keyvalue nowrap"><a href="/domain-dl.airdwnlds.com.aspx">http://dl.airdwnlds.com/get/click/.../?sid=noram</a></div><br style="clear:both;"></div> </div> </div> </div> </div> <div class="sectionsignature"></div> </div> <div class="sectionfooter"> <div class="sectionfooter-top"> <div class="container"> herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection. </div> </div> </div> </div> </form> </body> </html>