aire330.exe

Zofkat

Brightcircle Investments Limited

This adware is a web browser extension that injects advertising into the browser as unwanted banners and text links, which may lead to malware sites and install unwanted software. The application aire330.exe by Brightcircle Investments Limited has been detected as adware by 12 anti-malware scanners. The file is a setup program used to install the application, and it is typically executed from the user's temporary directory. It has been seen being downloaded from cdn.airdlr6.com and is distributed as part of the Brightcircle group of browser extensions.
Publisher:
Nmssr (signed by Brightcircle Investments Limited)

Product:
Zofkat

Description:
Giagmxxd

Version:
1.1.1.1

MD5:
fe139529670baf6a90f7f40a0d5cde5f

SHA-1:
282066304498c2d7e54c0867afa3fb0f23a9353f

SHA-256:
b857becf3b7d66787e645e9390a8eebb2b65d7de153c8ed5b316f17f70e62e0d

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
11/5/2024 8:22:04 AM UTC

Scan engine             Detection                              Engine version
Bitdefender             Adware.Agent.NRC                       1.0.20.170
Bkav FE                 HW32.CDB                               1.3.0.4246
Emsisoft Anti-Malware   Adware.Agent.NRC                       8.14.02.03.10
ESET NOD32              Win32/Packed.ScrambleWrapper           8.8808
Fortinet FortiGate      Adware/Fam.NB                          2/3/2014
F-Secure                Adware.Agent.NRC                       11.2014-03-02_2
G Data                  Adware.Agent.NRC                       14.2.22
K7 AntiVirus            Riskware                               13.172.9589
Malwarebytes            Adware.Packed.Ranver                   v2014.02.03.10
MicroWorld eScan        Adware.Agent.NRC                       15.0.0.102
Reason Heuristics       PUP.BrightcircleInvestmentsLimited.H   14.8.7.21
VIPRE Antivirus         Trojan.Win32.Generic                   21536

File size:
4.8 MB (5,039,864 bytes)

Copyright:
Qfllqjh

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\aire330.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
3/8/2013 8:33:54 AM

Valid to:
3/8/2016 8:33:54 AM

Subject:
CN=Brightcircle Investments Limited, O=Brightcircle Investments Limited, L=Nicosia, S=Strovolos, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
047F36483DC84C

File PE Metadata
Compilation timestamp:
1/5/2010 7:09:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
98304:rasy/2xSKZR2U5UG78NskcediX95dm7RcrKrEEccDN2ixuvmB3KGCARbY5:mt3aRVf7/g4t5d8RCKonoNLxuvmIvAR2

Entry address:
0x4044

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 97, 52, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, 43, 4F, 00, 00, 56, C7, 04, 24, 00, 00, 00, 00, E8, A6, 52, 00, 00, A3, 88, 5C, 42, 00, 53, C7, 04, 24, 08, 00, 00, 00, E8, 26, 32, 00, 00, A3, 38, 5D, 42, 00, 8D, 85, 84, FE, FF, FF, 51, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, A4, B2, 40, 00, E8, D0, 51, 00, 00, 83, EC, 14, C7, 44, 24, 04, A5, B2, 40, 00, C7, 04, 24, 68, 5D...

Entropy:
7.9982 (probably packed)

Code size:
33 KB (33,792 bytes)

The file aire330.exe has been seen being distributed by the following URL.

Powered by Reason Core Security