air3236.exe

Ftjdffuzmo

Uycilgt

The application air3236.exe has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn77.airdwnlds.com.
Publisher:
Uycilgt

Product:
Ftjdffuzmo

Description:
Quzjxoarsj

Version:
1.0.0.0

MD5:
e40e696236075cdd09227a4eb776a4b8

SHA-1:
2d80900b2db05813df83007e7081e5baf5b4bedf

SHA-256:
0326db6859f95441dbe35bff37957e4fe096398852e873b5eacf07a75e72e589

Scanner detections:
13 / 68

Status:
Adware

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/25/2024 1:09:15 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.ScrambleWrapper
7.1.1

Dr.Web
Trojan.Crossrider.1343
9.0.1.093

ESET NOD32
Win32/Packed.ScrambleWrapper
8.9578

IKARUS anti.virus
not-a-virus:AdWare.Win32.Agent
t3scan.2.2.29

K7 AntiVirus
Trojan
13.176.11524

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.4072

McAfee
Artemis!E40E69623607
5600.7171

NANO AntiVirus
Trojan.Win32.Generic.ctnytf
0.28.0.58491

Reason Heuristics
PUP.Downloader.Uycilgt.H
14.5.13.8

Sophos
Generic PUA CN
4.98

Trend Micro House Call
TROJ_GEN.R047H07BS14
7.2.93

Vba32 AntiVirus
AdWare.Agent.ajdu
3.12.24.3

VIPRE Antivirus
Adware.Agent
27660

File size:
5 MB (5,255,035 bytes)

Copyright:
Elbhgeyh

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\air3236.exe

File PE Metadata
Compilation timestamp:
12/4/2012 11:55:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
98304:7KvGWbhUk6EcCA8OJIWKJfgnVaakFST1tL6kRA5jJscqszQfy57XhGgENN9/zp:pWGkO2dsoaqSh1DR2jqvKhGgEBrp

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file air3236.exe has been seen being distributed by the following URL.

Remove air3236.exe - Powered by Reason Core Security