» air9420.exe
Overview
Analysis
File Details
Downloads (1)

air9420.exe

AdPeak, Inc

This is the instaler for an an Adpeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text-links in random web pages. The application air9420.exe by AdPeak, Inc has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.airdlr6.com.

File name:

air9420.exe

Publisher:

AdPeak, Inc (signed and verified)

MD5:

9c60dc4af1897b6070f848897d8b37db

SHA-1:

db657cb539900d1dbfacfbfd6e053e804367e08f

SHA-256:

41a9de29ef2e27c59a02d6ce6a3fe9b8a822859956ff1efc81bbba11b5129384

Scanner detections:

13 / 68

Status:

Adware

Explanation:

Injects advertisements in the web browser in the form or banner ads and popups.

Analysis date:

11/23/2024 5:41:03 AM UTC (today)

Scan engine

Detection

Engine version

avast!

NSIS:Downloader-ZX [Trj]

2014.9-140102

AVG

MalSign.Generic

2015.0.3606

Bkav FE

W32.Clod020.Trojan

1.3.0.4677

Comodo Security

UnclassifiedMalware

17625

Dr.Web

Trojan.MulDrop4.22900

9.0.1.02

G Data

Win32.Trojan.Agent.SERZ30

14.1.24

IKARUS anti.virus

Win32.SuspectCrc

t3scan.2.2.29

McAfee

RDN/Generic.dx!csr

5600.7262

NANO AntiVirus

Trojan.Win32.MulDrop4.cqkxyv

0.28.0.57029

Reason Heuristics

PUP.AdPeak.H

14.8.7.19

Rising Antivirus

NS:Malware.Install!1.9F62

23.00.65.14115

Sophos

AdPeak

4.96

VIPRE Antivirus

Adware.Adpeak

25500

File size:

108.7 KB (111,344 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\appdata\local\temp\air9420.exe

Digital Signature

Signed by:

AdPeak, Inc

Authority:

GoDaddy.com, Inc.

Valid from:

8/3/2012 2:55:39 PM

Valid to:

9/16/2013 1:43:44 PM

Subject:

CN="AdPeak, Inc", O="AdPeak, Inc", L=Sarasota, S=FL, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

042CD88817C44D

File PE Metadata

Compilation timestamp:

2/8/2013 12:59:42 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.56

CTPH (ssdeep):

3072:+Srh2tEPKLlN1y3BJXCYA4eHL7iK4LacAO3RJ6o:Lh4kaDy3er4QXp/2b

Entry address:

0x39B0

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 93, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 3E, 43, 00, 00, 6A, 00, E8, A7, 46, 00, 00, A3, 88, 0C, 44, 00, 6A, 08, E8, 72, 28, 00, 00, A3, 38, 0D, 44, 00, 8D, 85, 90, FE, FF, FF, 6A, 00, 68, 60, 01, 00, 00, 50, 6A, 00, 68, A4, A2, 40, 00, E8, EC, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 0D, 44, 00, E8, 92, 2A, 00, 00, 83, C4, 18, E8, FA, 42, 00, 00, 52, 52, 50, 68, 00, 30, 47, 00, E8, 7D, 2A, 00, 00, 57, 6A, 00, E8, 4D, 42, 00, 00, 83... 
[+]

Entropy:

7.1737

Code size:

28.5 KB (29,184 bytes)

The file air9420.exe has been seen being distributed by the following URL.

http://cdn.airdlr6.com/downloads/offers/.../getsavincpm.exe

Remove air9420.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.