airsnare-setup-1.5.0.00.000.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
MD5:
8c2b36f29db8dcbc0eb404407aeecdce

SHA-1:
8c6e7e7f72164e6f7fc4d99e523f2a418481d32c

SHA-256:
23b957b1b596d35352e02d0a10b28b58ecaba43598d67fafbc802a9e5852b589

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/27/2024 4:03:33 AM UTC

Scan engine:
Rising Antivirus

Detection:
PE:Trojan.VBKeyLogger!1.9F6C

Engine version:
23.00.65.14131

File size:
15.9 MB (16,628,468 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\airsnare-setup-1.5.0.00.000.exe

File PE Metadata
Compilation timestamp:
1/24/2006 9:42:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
393216:Wjq65mrc+1aSnckaL/lXrF+1QY/fXppUWXPtXDQY/sk:WT5x+1aSkL/F06iVXEux

Entry address:
0x32E0

Entry point:
81, EC, 7C, 01, 00, 00, 53, 55, 56, 33, F6, 57, 89, 74, 24, 18, BD, 68, 91, 40, 00, C6, 44, 24, 10, 20, FF, 15, 30, 70, 40, 00, 56, FF, 15, 70, 72, 40, 00, A3, 10, 44, 42, 00, 56, 8D, 44, 24, 30, 68, 60, 01, 00, 00, 50, 56, 68, 20, FD, 41, 00, FF, 15, 58, 71, 40, 00, 68, 8C, 92, 40, 00, 68, 60, 3B, 42, 00, E8, 36, 28, 00, 00, BB, 00, B4, 42, 00, 53, 68, 00, 04, 00, 00, FF, 15, B8, 70, 40, 00, E8, 64, FF, FF, FF, 85, C0, 75, 24, 68, FB, 03, 00, 00, 53, FF, 15, B4, 70, 40, 00, 68, 84, 92, 40, 00, 53, E8, 21...
 

Entropy:
7.9998

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file airsnare-setup-1.5.0.00.000.exe has been discovered within the following program.

www.Toolwiz.com
About 5% of users remove it
 

The file airsnare-setup-1.5.0.00.000.exe has been seen being distributed by the following 28 URLs.
