flash player.exe

Flash Player

Air Software

Warning: this is not the legitimate setup program for Flash Player. The setup is bootstrapped by the Air Installer 'download manager' (a pay-per-install monetization download manager) that bundles unwanted software (adware, toolbars, extensions) during setup while deceiving the user into thinking they are downloading the standard installation setup from Flash Player. The application flash player.exe by Air Software has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer.
Publisher:
AirInstaller Inc.  (signed by Air Software)

Product:
Flash Player

Version:
2.0.4.7

MD5:
c57f74d0ee42acb0bfc7148c6eb6e9c3

SHA-1:
31e1a685bb97ce8c559b9f1e6298d45c88ef2d66

SHA-256:
9798a9f79079e5631c53ea88f34a7a6da3921ce69f95287c65598b9453f4648f

Scanner detections:
14 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/24/2024 9:32:26 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | Adware/AirInst.23654 | 7.11.140.88 |
| avast! | Win32:Installer-L [PUP] | 2014.9-140331 |
| AVG | Generic_r | 2015.0.3518 |
| Comodo Security | Application.Win32.AirAdInstaller.A | 18025 |
| Dr.Web | Adware.Siggen.26340 | 9.0.1.090 |
| ESET NOD32 | Win32/AirAdInstaller (variant) | 8.9617 |
| F-Prot | W32/AirInstall.A8.gen | v6.4.7.1.166 |
| G Data | Win32.Adware.Airadinstaller | 14.3.24 |
| K7 AntiVirus | Adware | 13.176.11613 |
| Reason Heuristics | DownloadManager.AirSoftware.M | 14.8.7.18 |
| Rising Antivirus | PE:PUF.Airinstall!1.9C4C | 23.00.65.14329 |
| Sophos | AirInstaller | 4.98 |
| Vba32 AntiVirus | AdWare.AirAdInstaller | 3.12.24.3 |
| VIPRE Antivirus | AirInstaller | 27892 |

File size:
1.1 MB (1,116,584 bytes)

Product version:
2.0.4.7

Copyright:
(c) AirInstaller. All rights reserved.

Original file name:
AirInstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flash player.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/24/2013 7:00:00 PM

Valid to:
3/26/2015 7:59:59 PM

Subject:
CN=Air Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Air Software, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3AC786E09219DF82DA830E461D4FC39F

File PE Metadata
Compilation timestamp:
6/27/2013 12:42:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:DIBcraQde6Bzw4v/N0jd25nBKssQOsoUh3z1:DIBTeujd25nBuQzog

Entry address:
0x250140

Entry point:
60, BE, 00, 40, 54, 00, 8D, BE, 00, D0, EB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Entropy:
7.7644

Packer / compiler:
UPX 2.90 [LZMA]

Code size:
1.1 MB (1,101,824 bytes)
