air9420.exe

AdPeak, Inc

This is the installer for an AdPeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The application air9420.exe by AdPeak, Inc has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.airdlr6.com.
Publisher:
AdPeak, Inc  (signed and verified)

MD5:
9c60dc4af1897b6070f848897d8b37db

SHA-1:
db657cb539900d1dbfacfbfd6e053e804367e08f

SHA-256:
41a9de29ef2e27c59a02d6ce6a3fe9b8a822859956ff1efc81bbba11b5129384

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Injects advertisements in the web browser in the form of banner ads and popups.

Analysis date:
11/5/2024 8:18:35 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | NSIS:Downloader-ZX [Trj] | 2014.9-140102 |
| AVG | MalSign.Generic | 2015.0.3606 |
| Bkav FE | W32.Clod020.Trojan | 1.3.0.4677 |
| Comodo Security | UnclassifiedMalware | 17625 |
| Dr.Web | Trojan.MulDrop4.22900 | 9.0.1.02 |
| G Data | Win32.Trojan.Agent.SERZ30 | 14.1.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| McAfee | RDN/Generic.dx!csr | 5600.7262 |
| NANO AntiVirus | Trojan.Win32.MulDrop4.cqkxyv | 0.28.0.57029 |
| Reason Heuristics | PUP.AdPeak.H | 14.8.7.19 |
| Rising Antivirus | NS:Malware.Install!1.9F62 | 23.00.65.14115 |
| Sophos | AdPeak | 4.96 |
| VIPRE Antivirus | Adware.Adpeak | 25500 |

File size:
108.7 KB (111,344 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\temp\air9420.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
8/3/2012 2:55:39 PM

Valid to:
9/16/2013 1:43:44 PM

Subject:
CN="AdPeak, Inc", O="AdPeak, Inc", L=Sarasota, S=FL, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
042CD88817C44D

File PE Metadata
Compilation timestamp:
2/8/2013 12:59:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
3072:+Srh2tEPKLlN1y3BJXCYA4eHL7iK4LacAO3RJ6o:Lh4kaDy3er4QXp/2b

Entry address:
0x39B0

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 7C, 01, 00, 00, E8, 93, 46, 00, 00, 83, EC, 0C, 68, 01, 80, 00, 00, E8, 3E, 43, 00, 00, 6A, 00, E8, A7, 46, 00, 00, A3, 88, 0C, 44, 00, 6A, 08, E8, 72, 28, 00, 00, A3, 38, 0D, 44, 00, 8D, 85, 90, FE, FF, FF, 6A, 00, 68, 60, 01, 00, 00, 50, 6A, 00, 68, A4, A2, 40, 00, E8, EC, 45, 00, 00, 83, EC, 0C, 68, A5, A2, 40, 00, 68, 68, 0D, 44, 00, E8, 92, 2A, 00, 00, 83, C4, 18, E8, FA, 42, 00, 00, 52, 52, 50, 68, 00, 30, 47, 00, E8, 7D, 2A, 00, 00, 57, 6A, 00, E8, 4D, 42, 00, 00, 83...

Entropy:
7.1737

Code size:
28.5 KB (29,184 bytes)

The file air9420.exe has been seen being distributed by the following URL.
