{blocked}.exe

7-Zip

Download Assistant

This is part of the Air Installer, a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application {blocked}.exe by Download Assistant has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the AirInstaller Download Manager installer.
Publisher:
Igor Pavlov  (signed by Download Assistant)

Product:
7-Zip

Description:
7z SFX

Version:
9.20

MD5:
2e95e7351ce2c5be09bb327ec9b7a030

SHA-1:
c146f5555d4a936ec68c7576c6091b62e902b08b

SHA-256:
6b9a4cef16235ecb15d77b16de417091a2871d152f17a992ce30047c2b70d3f0

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/30/2024 8:55:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Air Software (M)
17.3.16.10

File size:
1.1 MB (1,169,712 bytes)

Product version:
9.20

Copyright:
Copyright (c) 1999-2010 Igor Pavlov

Original file name:
7z.sfx.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bypass plugin.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/2/2016 7:00:00 PM

Valid to:
8/1/2017 6:59:59 PM

Subject:
CN=Download Assistant, O=Download Assistant, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
088066A3A015128F544F3E16DC53BCE8

File PE Metadata
Compilation timestamp:
11/18/2010 10:27:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1D262

Entry point:
55, 8B, EC, 6A, FF, 68, 20, 1E, 42, 00, 68, 5C, D2, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 04, 11, 42, 00, 59, 83, 0D, 90, BD, 42, 00, FF, 83, 0D, 94, BD, 42, 00, FF, FF, 15, 00, 11, 42, 00, 8B, 0D, 70, 9D, 42, 00, 89, 08, FF, 15, FC, 10, 42, 00, 8B, 0D, 6C, 9D, 42, 00, 89, 08, A1, 64, 11, 42, 00, 8B, 00, A3, 8C, BD, 42, 00, E8, 1C, 01, 00, 00, 39, 1D, 20, 7A, 42, 00, 75, 0C, 68, EA, D3, 41, 00, FF, 15, 0C, 11...
 
[+]

Entropy:
6.9719

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
126.5 KB (129,536 bytes)

Remove {blocked}.exe - Powered by Reason Core Security