angry birds provided through aragon advertising.exe

Alpha Installer

LiveSoftAction

The program uses the Appscion Download and Install manager, an adware distribution bundler from SIEN SA. The setup program includes ad-supported toolbars and utilities. The application "angry birds provided through aragon advertising.exe" by LiveSoftAction has been detected as adware by 19 anti-malware scanners. It is a setup application that uses the SIEN SuperInstall installer. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent.
Publisher:
LiveSoft_Action  (signed by LiveSoftAction)

Product:
Alpha Installer

Version:
9.13.4.1

MD5:
2d29556edb799c2e6f541a8ace9abcca

SHA-1:
e3a42de8f577bdb9b90f987e4f7d9c94f9bab2c6

SHA-256:
991f3511dfc2040a6c6d5febccfffabf3d5e856178788cf0c97f6865ae27bb01

Scanner detections:
19 / 68

Status:
Adware

Explanation:
This is a modified installer that uses the Appscion Download and Install manager to bundle adware.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/5/2024 1:45:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.49 | 570 |
| Avira AntiVirus | APPL/GetNow.ersd | 3.6.1.96 |
| AVG | Generic | 2016.0.3142 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.GetNow.DI | 21733 |
| Dr.Web | Adware.Iminent.28 | 9.0.1.0102 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.49 | 8.15.07.14.01 |
| ESET NOD32 | Win32/GetNow.H potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 11.2015-14-07_3 |
| K7 AntiVirus | Unwanted-Program | 13.202.15567 |
| Malwarebytes | PUP.Optional.LiveSoft | v2015.07.14.01 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.49 | 16.0.0.585 |
| NANO AntiVirus | Riskware.Win32.Downware.dpuzse | 0.30.10.952 |
| Norman | Gen:Variant.Application.Bundler.49 | 11.20150714 |
| Reason Heuristics | PUP.Bundler.Sien | 15.4.11.22 |
| Sophos | PUA 'Live Soft Action' (of type Adware) | 5.15 |
| VIPRE Antivirus | Threat.4150696 | 40828 |
| Zillya! Antivirus | Downloader.Agent.Win32.242143 | 2.0.0.2135 |

File size:
914 KB (935,904 bytes)

Product version:
9.13.4.1

Copyright:
(c) LiveSoft_Action. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\angry birds provided through aragon advertising.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/8/2014 6:00:00 PM

Valid to:
12/9/2015 5:59:59 PM

Subject:
CN=LiveSoftAction, O=LiveSoftAction, STREET="64-66, Mezzanine", STREET=Dionisie Lupu Street, L=Bucharest, S=ROMANIA, PostalCode=010458, C=RO

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0DB89F49425D87D205160442DA55CE38

File PE Metadata
Compilation timestamp:
3/26/2015 4:23:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:72oSaf5lTlufs3zjVpx1NsOG6/1mfWuBzT02xyJPy0p:72oSaf5lTlufs3PVpx16cpEzTRgJa

Entry address:
0x251600

Entry point:
60, BE, 00, 60, 58, 00, 8D, BE, 00, B0, E7, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 

Entropy:
7.9090

Packer / compiler:
UPX 2.90LZMA

Code size:
816 KB (835,584 bytes)

The file angry birds provided through aragon advertising.exe has been seen being distributed by the following URL.