aird5eb.exe

Pricé Metér

The application aird5eb.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. It is a setup program used to install the application. The file is typically installed with the program Price Metér (remove only) by DealPly Technologies Ltd., which is a potentially unwanted software program. The file has been seen being downloaded from d1pg43ots40sgg.cloudfront.net and multiple other hosts.
Publisher:
Pricé Metér

Product:
Pricé Metér

Version:
1.1.6.1

MD5:
c65466321b74270ff5993a9c8d5bdf9d

SHA-1:
3abb2a0f6a1c0155f68ba0e92aec72a0aac9a3df

SHA-256:
105b6f4e0a811b318dbba30d704678d90986bf18c5d59f31fd36b5d14034b2d5

Scanner detections:
21 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 10:14:07 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Generic.670804 | 929 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140720 |
| Baidu Antivirus | Adware.Win32.DealPly | 4.0.3.14720 |
| Bitdefender | Application.Generic.670804 | 1.0.20.1005 |
| Dr.Web | Adware.Shopper.480 | 9.0.1.0201 |
| ESET NOD32 | Win32/DealPly (variant) | 8.10123 |
| Fortinet FortiGate | Riskware/DealPly | 7/20/2014 |
| F-Secure | Application.Generic.670804 | 11.2014-20-07_1 |
| G Data | Application.Generic.670804 | 14.7.24 |
| Kaspersky | not-a-virus:AdWare.Win32.DealPly | 14.0.0.3532 |
| McAfee | Artemis!C65466321B74 | 5600.7063 |
| MicroWorld eScan | Application.Generic.670804 | 15.0.0.603 |
| Panda Antivirus | Trj/CI.A | 14.07.20.02 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.9.27.1 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16F94058!385433688 | 23.00.65.14718 |
| Sophos | Generic PUA KK | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0702 | 7.2.201 |
| Trend Micro | TROJ_GEN.R0CBC0OGA14 | 10.465.20 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31422 |

File size:
782 KB (800,768 bytes)

Product version:
1.1.6.1

Copyright:
Copyright © 2014 Price Metér

Trademarks:
[283A699F] [default:default] Price Metér is a trademark or registered trademark in the U.S. and/or other countries.

Original file name:
pm.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\aird5eb.exe

File PE Metadata
Compilation timestamp:
7/2/2014 2:58:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:Whp5nfXV1Q5/tx7pEqjePy3uRTeEgHIV4g4ewB68yOw1e3Mx/eIBTTeEZRIRkJ47:qvOj6J86Ww17ZrxRbi

Entry address:
0x2ED8E

Entry point:
E8, 87, E1, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 83, EC, 2C, A1, 28, F8, 45, 00, 33, C5, 89, 45, FC, 8B, 45, 08, 53, 8B, 5D, 10, 56, 57, 8B, 7D, 0C, 33, F6, 89, 45, E8, 89, 7D, EC, 89, 75, F0, 85, C0, 74, 0B, 85, DB, 75, 07, 33, C0, E9, 20, 02, 00, 00, 85, FF, 75, 18, E8, 63, 33, 00, 00, C7, 00, 16, 00, 00, 00, E8, E5, 59, 00, 00, 83, C8, FF, E9, 04, 02, 00, 00, FF, 75, 14, 8D, 4D, D4, E8, F4, D0, FF, FF, 8B, 4D, E8, 8B, 45, D4, 85, C9, 0F, 84, 82, 01, 00, 00, 39, B0, A8, 00, 00, 00, 75, 34, 85, DB, 0F...

Code size:
299.5 KB (306,688 bytes)

The file aird5eb.exe has been discovered within the following program.

Price Metér (remove only)  by DealPly Technologies Ltd.
Price Meter injects advertising (coupons, discounts, comparative prices, etc.) into the user's Internet browser by running as an extension and/or add-on. Ads are delivered as search-related ads, banner and video ads, text links, and some popup/popunder ads.
support.pricemeter.net
88% remove it

The file aird5eb.exe has been seen being distributed by the following 3 URLs.

http://d1pg43ots40sgg.cloudfront.net/bundle/PriceMeter/.../pm.exe
