SoftwareUpdater.exe

Air Software

This file is part of the Air Installer, a download manager that bundles applications with offers for additional third-party software, mostly unwanted adware, and that may be installed with minimal consent. The application SoftwareUpdater.exe by Air Software has been detected as adware by 5 anti-malware scanners. The file is typically installed with the program Software Updater version 1.8.3 by Air Software, which is a potentially unwanted software program. While running, it connects to the Internet address server-54-230-39-2.jfk1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Software Updater  (signed by Air Software)

Product:
Software Updater

Version:
1.8.3.0

MD5:
206c021869f91a00aea0b2a548e29f24

SHA-1:
f17452d1785343e324eb33acc2d10bf31a0fa4de

SHA-256:
4b242b3af01952c5a60c8b0b63a212c0c2e183efdcb5604b7d610c3e35837f3b

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
11/25/2017 10:43:34 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Installer-L [PUP] | 2014.9-131224 |
| AVG | Win32/DH | 2014.0.3615 |
| Reason Heuristics | DownloadManager.AirSoftware.P | 14.8.7.18 |
| Trend Micro House Call | TROJ_GEN.F47V1128 | 7.2.358 |
| VIPRE Antivirus | AirInstaller | 24398 |

File size:
1.8 MB (1,933,392 bytes)

Product version:
1.8.3.0

Copyright:
(c) SoftwareUpdater. All rights reserved.

Original file name:
SoftwareUpdater.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\software updater\softwareupdater.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/25/2013 2:00:00 AM

Valid to:
3/27/2015 1:59:59 AM

Subject:
CN=Air Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Air Software, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3AC786E09219DF82DA830E461D4FC39F

File PE Metadata
Compilation timestamp:
11/26/2013 8:38:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:DypyE91LwW5JX8dX9+s9N4K/DUyxWnJt0Ik0XTIdJ7+YJbIcMYPFW0/y:WyE91L5JgXp9N4EDUyxWnzrOdJ7rbIcQ

Entry address:
0x11C50E

Entry point:
E8, F5, 8C, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 00, 11, 5A, 00, 75, 02, F3, C3, E9, 7C, 8D, 00, 00, 8B, FF, 51, C7, 01, 60, 1C, 57, 00, E8, 74, 8E, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 30, DC, EF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, B3, 8E, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 6A, 14, 68, A0, 4C, 59, 00, E8, 6C, 2C, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B...
 

Entropy:
6.4284

Code size:
1.3 MB (1,351,168 bytes)

The file SoftwareUpdater.exe has been discovered within the following program.

This program will download and install additional adware or other unwanted software using the Air Installer, an ad-supported download manager.
software-updater.com/terms
80% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to server-54-230-39-2.jfk1.r.cloudfront.net  (54.230.39.2:80)
