yahoo_pidgin_setup.exe

Yahoo_Pidgin

Air Software

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application yahoo_pidgin_setup.exe by Air Software has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
AirInstaller  (signed by Air Software)

Product:
Yahoo_Pidgin

Version:
1.0.3.6

MD5:
ced88c9d26056e218a96624f8ddff37c

SHA-1:
d5997d148aa1c8182bdd8dd483bc6ef4f6a180e9

SHA-256:
70ca7d0c84daf1fb11b1b00e54cbf79f00c6da38bd6db93cd782972a841b16b3

Scanner detections:
12 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/25/2024 6:32:00 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.AirInstaller.4 | 385 |
| AVG | Win32/DH{gRKBE0GBDnx9ICVXY2RO} | 2017.0.2863 |
| Bitdefender | Gen:Variant.Application.Bundler.AirInstaller.4 | 1.0.20.80 |
| Comodo Security | Application.Win32.AirAdInstaller.A | 23042 |
| Dr.Web | Adware.Downware.202 | 9.0.1.016 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2016-16-01_7 |
| G Data | Gen:Variant.Application.Bundler.AirInstaller | 16.1.25 |
| Malwarebytes | PUP.Optional.Bundle | v2016.01.16.08 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.AirInstaller.4 | 17.0.0.48 |
| Panda Antivirus | Adware/AirInstaller | 16.01.16.08 |
| Reason Heuristics | PUP.Air Software.AirSoftware.Bundler (M) | 16.1.16.8 |
| Sophos | AirInstaller (PUA) | 4.98 |

File size:
204.6 KB (209,480 bytes)

Product version:
1.0.3.6

Copyright:
(c) AirInstaller. All rights reserved.

Original file name:
Launcher.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\yahoo_pidgin_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/26/2011 8:00:00 PM

Valid to:
6/26/2012 7:59:59 PM

Subject:
CN=Air Software, O=Air Software, STREET=185-911 Yates St., STREET="Suite #327", L=Victoria, S=BC, PostalCode=V8V4Y9, C=CA

Issuer:
CN=COMODO Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C3BFAFF5374660A208126E655CBD3E13

File PE Metadata
Compilation timestamp:
2/23/2012 5:06:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:uLxHdkLimIA4Pbzr9YybdamkkUu5N5A19uIADD2k8MrzWrvcOcWX6ffL/b6Y4S0u:uvkOmItYykm2K585q2k882sw6L/bl4+7

Entry address:
0x93980

Entry point:
60, BE, 00, 40, 46, 00, 8D, BE, 00, D0, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.8556

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
192 KB (196,608 bytes)
