SoftwareUpdater.exe

Air Software

This is part of the Air Installer, a download manager that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application SoftwareUpdater.exe by Air Software has been detected as adware by 10 anti-malware scanners.
Publisher:
Software Updater  (signed by Air Software)

Product:
Software Updater

Version:
1.8.1.0

MD5:
d5ff32f3d69b9f8d87836a92d8a1293e

SHA-1:
0029f5e16cb2498d89e7211ef5c9aa0589c37933

SHA-256:
d0243ee8470c111216310d95c8d175025da89d37d4b378d16265242960d61704

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
4/24/2024 6:08:12 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Installer-L [PUP] | 2014.9-141031
AVG | Airsoftware | 2015.0.3304
Bkav FE | W32.Clod218.Trojan | 1.3.0.4959
ESET NOD32 | Win32/AirAdInstaller (variant) | 8.10412
IKARUS anti.virus | PUA.AirAdInstaller | t3scan.1.7.8.0
McAfee | Artemis!D5FF32F3D69B | 5600.6960
Panda Antivirus | Adware/AirInstaller | 14.10.31.08
Reason Heuristics | DownloadManager.AirSoftware.P | 14.10.31.19
Trend Micro House Call | Suspicious_GEN.F47V0911 | 7.2.304
VIPRE Antivirus | AirInstaller | 33078

File size:
1.8 MB (1,931,856 bytes)

Product version:
1.8.1.0

Copyright:
(c) SoftwareUpdater. All rights reserved.

Original file name:
SoftwareUpdater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\software updater\softwareupdater.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/24/2013 6:00:00 PM

Valid to:
3/26/2015 6:59:59 PM

Subject:
CN=Air Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Air Software, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3AC786E09219DF82DA830E461D4FC39F

File PE Metadata
Compilation timestamp:
11/20/2013 4:24:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:+0jb9BalIOPKx/bMCsuj6u6FAboQ8jFCysjz57tCrOsLLw164/7bwM:lZBaKOE/dsujf6FAboQ8jF2ttCrJLw1b

Entry address:
0x11C1D7

Entry point:
E8, FC, 8C, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 00, 11, 5A, 00, 75, 02, F3, C3, E9, 83, 8D, 00, 00, 8B, FF, 51, C7, 01, 60, 1C, 57, 00, E8, 7B, 8E, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 57, DC, EF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, BA, 8E, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 6A, 14, 68, C8, 49, 59, 00, E8, 73, 2C, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B...

Entropy:
6.4335

Code size:
1.3 MB (1,350,656 bytes)