airc8dd.exe

Evangelion Group

This potentially unwanted Internet browser extension is built on and distributed through the free Crossrider platform and delivers advertisements to the web browser in various formats, such as banner, text hyperlink, inline text and transitional ads. The application airc8dd.exe by Evangelion Group has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer and is built with the Crossrider cross-browser extension toolkit. While the file uses the Crossrider framework and delivery services, it is not owned by Crossrider. It is part of the Brightcircle group of web extensions that inject advertisements into the browser.
Publisher:
Evangelion Group  (signed and verified)

Description:
Yzcdzhcohz

Version:
20.19.6.8

MD5:
98fcfe11c4fd3658e12632ec64dd89a2

SHA-1:
e43e6571413d922750e28ea00243c1d5a1ff05e3

SHA-256:
2a50e59ccdaae778b7de69c2926bc21897e7e3f6fed8a9ad1aa39379b6c268f5

Scanner detections:
22 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/8/2025 10:03:38 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.ScrambleWrapper | 7.1.1
Avira AntiVirus | ADWARE/CrossRider.Gen2 | 7.11.171.66
avast! | Win32:Malware-gen | 2014.9-140917
AVG | Generic | 2015.0.3349
Dr.Web | Trojan.Crossrider.27621 | 9.0.1.0260
ESET NOD32 | Win32/Packed.ScrambleWrapper (variant) | 8.10384
IKARUS anti.virus | PUA.ScrambleWrapper | t3scan.1.7.5.0
K7 AntiVirus | Trojan | 13.183.13305
Kaspersky | Trojan.NSIS.GoogUpdate | 14.0.0.3240
Malwarebytes | PUP.Optional.CrossRider | v2014.09.17.01
McAfee | Artemis!98FCFE11C4FD | 5600.7005
NANO AntiVirus | Trojan.Win32.MLW.deioew | 0.28.2.61942
Panda Antivirus | Trj/Chgt.C | 14.09.17.01
Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015
Quick Heal | Trojan.NSIS.g7 | 9.14.14.00
Reason Heuristics | PUP.EvangelionGroup.H | 14.9.17.1
Sophos | Generic PUA OE | 4.98
Trend Micro House Call | TROJ_SPNV.03HE14 | 7.2.260
Trend Micro | TROJ_SPNV.03HE14 | 10.465.17
Vba32 AntiVirus | Trojan.GoogUpdate | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 32924
Zillya! Antivirus | Trojan.GoogUpdate.Win32.799 | 2.0.0.1915

File size:
8.8 MB (9,278,120 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\airc8dd.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/27/2014 9:00:00 PM

Valid to:
7/28/2015 8:59:59 PM

Subject:
CN=Evangelion Group, O=Evangelion Group, STREET=Athinodorou 3, STREET=Dasoupoli Strovolos, L=Nicosia, S=Cyprus, PostalCode=2025, C=CY

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0095E2A1168FF10F1D56CF5FFE4ABC7450

File PE Metadata
Compilation timestamp:
12/4/2012 11:54:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:7WDSR7k+WdIWeX54n9yTpM6AG/4LIelouyfhCuk5Bl3lHoKexRAzElB9ZZrf4uJc:qm7fWdILXW9SJAG/qry4B3WAI/Bf1c

Entry address:
0x4105

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 30, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8B, 3B, 00, 00, A3, 8C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A9, B2, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, AA, B2, 40, 00, C7...
 

Code size:
34 KB (34,816 bytes)

The file airc8dd.exe has been seen being distributed by the following URL.
