» SoftwareUpdater.exe
Overview
Analysis
File Details
Programs (1)
Network (1)

SoftwareUpdater.exe

Air Software

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application SoftwareUpdater.exe by Air Software has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program Software Updater version 1.8.3 by Air Software which is a potentially unwanted software program. While running, it connects to the Internet address server-54-230-39-2.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

SoftwareUpdater.exe

Publisher:

Software Updater (signed by Air Software)

Product:

Software Updater

Version:

1.8.3.0

MD5:

206c021869f91a00aea0b2a548e29f24

SHA-1:

f17452d1785343e324eb33acc2d10bf31a0fa4de

SHA-256:

4b242b3af01952c5a60c8b0b63a212c0c2e183efdcb5604b7d610c3e35837f3b

Scanner detections:

5 / 68

Status:

Adware

Analysis date:

4/20/2024 1:21:53 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Installer-L [PUP]

2014.9-131224

AVG

Win32/DH

2014.0.3615

Reason Heuristics

DownloadManager.AirSoftware.P

14.8.7.18

Trend Micro House Call

TROJ_GEN.F47V1128

7.2.358

VIPRE Antivirus

AirInstaller

24398

File size:

1.8 MB (1,933,392 bytes)

Product version:

1.8.3.0

Original file name:

SoftwareUpdater.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\software updater\softwareupdater.exe

Digital Signature

Signed by:

Air Software

Authority:

VeriSign, Inc.

Valid from:

1/25/2013 2:00:00 AM

Valid to:

3/27/2015 1:59:59 AM

Subject:

CN=Air Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Air Software, L=Victoria, S=British Columbia, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3AC786E09219DF82DA830E461D4FC39F

File PE Metadata

Compilation timestamp:

11/26/2013 8:38:18 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:DypyE91LwW5JX8dX9+s9N4K/DUyxWnJt0Ik0XTIdJ7+YJbIcMYPFW0/y:WyE91L5JgXp9N4EDUyxWnzrOdJ7rbIcQ

Entry address:

0x11C50E

Entry point:

E8, F5, 8C, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 00, 11, 5A, 00, 75, 02, F3, C3, E9, 7C, 8D, 00, 00, 8B, FF, 51, C7, 01, 60, 1C, 57, 00, E8, 74, 8E, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 30, DC, EF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, B3, 8E, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 6A, 14, 68, A0, 4C, 59, 00, E8, 6C, 2C, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B... 
[+]

Entropy:

6.4284

Code size:

1.3 MB (1,351,168 bytes)

The file SoftwareUpdater.exe has been discovered within the following program.

Software Updater version 1.8.3 by Air Software

This program will download and install additional adware or other unwanted software using the Air Installer, an ad-supported download manager.

software-updater.com/terms

80% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to server-54-230-39-2.jfk1.r.cloudfront.net (54.230.39.2:80)

Remove SoftwareUpdater.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.