aira236.exe

LessTabs

The application aira236.exe by LessTabs has been detected as adware by 21 anti-malware scanners. It is a setup program built with the NSIS (Nullsoft Scriptable Install System) installer and is typically executed from the user's temporary directory. The file has been observed being downloaded from i.vertitechnologygroup.com and multiple other hosts.
Publisher:
LessTabs  (signed and verified)

Product:
LessTabs

Description:
LessTabs Setup

Version:
1.7.2.0

MD5:
c479e1d766d319d526957d12bc23eabc

SHA-1:
fc3609d0e02eb39c507d653e3ed371a086685ae4

SHA-256:
bc30e2335b22f237083304436f68cc664ee9d67e0347c90d86629fee7b3fd146

Scanner detections:
21 / 68

Status:
Adware

Analysis date:
11/4/2024 4:58:03 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Lesstabs.B | 1151 |
| Agnitum Outpost | Riskware.AdWare | 7.1.1 |
| AVG | Generic5 | 2014.0.3644 |
| Bitdefender | Adware.Lesstabs.B | 1.0.20.1645 |
| Bkav FE | W32.Clodeac.Trojan | 1.3.0.4924 |
| Dr.Web | Adware.Plugin.71 | 9.0.1.0204 |
| Emsisoft Anti-Malware | Adware.Lesstabs | 8.13.11.25.12 |
| ESET NOD32 | Win32/AdWare.Vitruvian | 7.9406 |
| F-Secure | Adware.Lesstabs.B | 11.2013-10-12_3 |
| G Data | Adware.Lesstabs | 13.11.24 |
| IKARUS anti.virus | AdWare.Lesstabs | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.175.11120 |
| McAfee | Artemis!C479E1D766D3 | 5600.7270 |
| MicroWorld eScan | Adware.Lesstabs.B | 14.0.0.987 |
| NANO AntiVirus | Trojan.Win32.Plugin.csnyis | 0.28.0.57630 |
| nProtect | Adware.Lesstabs.B | 14.02.10.01 |
| Reason Heuristics | PUP.Installer.LessTabs.H | 14.2.26.9 |
| Sophos | LessTabs IE Client | 4.97 |
| Trend Micro House Call | TROJ_SPNR.25JK13 | 7.2.329 |
| Trend Micro | TROJ_SPNR.25JK13 | 10.465.25 |
| VIPRE Antivirus | Adware.LessTabs | 26350 |

File size:
1.2 MB (1,221,112 bytes)

Product version:
1.7.2.0

Copyright:
©2013 LessTabs

Original file name:
lesstabs-setup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\aira236.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
2/14/2013 6:00:20 PM

Valid to:
2/14/2014 2:06:10 PM

Subject:
CN=LessTabs, O=LessTabs, L=La Jolla, S=CA, C=US

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27795724B41A36

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:uH6mDS9XyAzJ0VCX3kEtwyG+RkbO1eUEML6ik4bL+SOJCBHty:0i9vzJMakiGz0eykEpOkty

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9842

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file aira236.exe has been seen being distributed by the following 3 URLs.
