angrybirds_setup.exe

Angry Birds Installer

Downloadinfo

The Adlogica setup manager, an installer that bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application angrybirds_setup.exe, “Deploy Angry Birds along with various offers” by Downloadinfo has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Adlogica Downloader installer. This version of the installer will bundle a Mindspark/MyWebSearch Toolbar, a potentially unwanted web browser extension.
Publisher:
Downloadinfo  (signed and verified)

Product:
Angry Birds Installer

Description:
Deploy Angry Birds along with various offers

Version:
2.3.0

MD5:
0a042c8b1edac1b575cefd78327d2122

SHA-1:
150d3f8a149d3cef36996619841f90fa8b7f2f87

SHA-256:
444987ed72c353875288d353bbcae61aeded14cbde5b41d70a120666a54bc908

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles the Mindspark (MyWebSearch/Ask) toolbar, a web browser extension that will modify a user's search and home pages.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/30/2024 3:26:02 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Toolbar.MyWebSearch (variant)
7.8802

herdProtect (fuzzy)
2013.12.20.19

IKARUS anti.virus
Win32.SuspectCrc
t3scan.2.0.127

Malwarebytes
PUP.Optional.Downloadster
v2013.12.10.09

Reason Heuristics
PUP.Installer.Downloadinfo.Q
14.8.7.17

Trend Micro House Call
TROJ_GEN.F47V0902
7.2.344

File size:
1.2 MB (1,309,032 bytes)

Product version:
2.3.0

Copyright:
©DownloadInfo

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adlogica Downloader

Language:
English (United States)

Common path:
C:\users\{user}\downloads\angrybirds_setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/13/2013 8:00:00 PM

Valid to:
8/14/2015 7:59:59 PM

Subject:
CN=Downloadinfo, O=Downloadinfo, STREET=96 Jessie st 4th floor, L=SAN FRANCISCO, S=CA, PostalCode=94105, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0086FD7D8A08F1EAEB6084518153EB026C

File PE Metadata
Compilation timestamp:
8/27/2013 4:27:09 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:IKJpO06eDK14C2SLtgW5QCwgIImrox3k1d+EbzcguMv2+Mmar9TFHdZ:INtwgIImMMd+Wz20VVWTFz

Entry address:
0x1073F0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 80, 56, 50, 00, E8, E4, 01, F0, FF, 8B, 0D, 9C, 15, 51, 00, 8B, 09, B2, 01, A1, F4, 48, 4C, 00, E8, C8, 8E, F5, FF, 8B, 15, 90, 16, 51, 00, 89, 02, A1, 9C, 15, 51, 00, 8B, 00, E8, CC, 26, F6, FF, A1, 9C, 15, 51, 00, 8B, 00, B2, 01, E8, 66, 45, F6, FF, 8B, 0D, 80, 13, 51, 00, A1, 9C, 15, 51, 00, 8B, 00, 8B, 15, 60, 8E, 4F, 00, E8, BE, 26, F6, FF, A1, 9C, 15, 51, 00, 8B, 00, E8, EA, 27, F6, FF, E8, 39, DB, EF, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.6781

Developed / compiled with:
Microsoft Visual C++

Code size:
1 MB (1,074,176 bytes)

The file angrybirds_setup.exe has been seen being distributed by the following 2 URLs.

Remove angrybirds_setup.exe - Powered by Reason Core Security