aira1de.exe

Sailor Project

This potentially unwanted Internet browser extension is built upon and distributed using the free Crossrider platform and delivers advertisements to the web browser in various formats such as banners, text hyperlinks, inline text and transitional ads. The application aira1de.exe by Sailor Project has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
Sailor Project (signed and verified)

Description:
Rnyawqmuefby

Version:
8.21.23.8

MD5:
168f729880290519316368857b165b6f

SHA-1:
f75e9ee2d9c19bd6079cda14a94f523c925562ce

SHA-256:
41288a95efc61fff59486126d5be04cf3f4f2e0073972d4abbc145b723bf86d0

Scanner detections:
11 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
11/23/2024 5:54:09 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.MulDrop | 2014.08.06
AVG | Generic | 2015.0.3359
Clam AntiVirus | Win.Adware.Agent-6597 | 0.98/21411
Dr.Web | Trojan.Crossrider.17413 | 9.0.1.0250
ESET NOD32 | Win32/Packed.ScrambleWrapper (variant) | 8.10210
IKARUS anti.virus | not-a-virus:WebToolbar.CrossRider | t3scan.1.6.1.0
Malwarebytes | PUP.Optional.CrossRider | v2014.09.07.10
McAfee | Artemis!168F72988029 | 5600.7015
Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015
Reason Heuristics | PUP.SailorProject.H | 14.9.7.10
Trend Micro House Call | Suspicious_GEN.F47V0729 | 7.2.250

File size:
8.7 MB (9,154,960 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\aira1de.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/18/2014 2:00:00 AM

Valid to:
7/19/2015 1:59:59 AM

Subject:
CN=Sailor Project, O=Sailor Project, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
47C5F145C734CD3D086C0A102176F0A1

File PE Metadata
Compilation timestamp:
12/4/2012 2:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:Aaq1VrlKp4CnUxNsg4B8QPWH/80CwxvZMki/a8qnFa67M7kn4ZHn4Fhh738ecs:ANlKp4Cng4B801m4/a8qM7/M8eV

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file aira1de.exe has been seen being distributed by the following URL.
