infoatoms-setup.exe

InfoAtoms

InfoAtoms Inc.

This is part of the InfoAtoms browser extension, which displays various forms of advertising in the web browser by injecting new ads such as banners, text links and search results. The application infoatoms-setup.exe, “InfoAtoms Installer” by InfoAtoms, has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from cdn.airdlr9.com and multiple other hosts.
Publisher:
InfoAtoms Inc.  (signed and verified)

Product:
InfoAtoms

Description:
InfoAtoms Installer

Version:
1.5.0.0

MD5:
95aea1de4f294faa318a5f8cba918736

SHA-1:
aa42eeb11c54cf9cacd2385ea1c3c7974826ca1a

SHA-256:
640dc798216ff158e91e3f4d67ddd03002b221ee355a164760b9dcc979302b2b

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
12/25/2024 12:55:24 AM UTC

Scan engine | Detection | Engine version
--- | --- | ---
avast! | Win32:InfoAtoms-A [Adw] | 2014.9-130829
Bkav FE | W32.Clod026.Trojan | 1.3.0.4613
Boost by Reason | Adware.Installer.InfoAtoms.P | 2013.8.29.0
Dr.Web | Adware.Plugin.70 | 9.0.1.0241
ESET NOD32 | Win32/AdWare.Vitruvian (variant) | 7.9190
IKARUS anti.virus | AdWare.Win32.InfoAtoms | t3scan.2.2.29
K7 AntiVirus | Unwanted-Program | 13.174.10656
McAfee | Artemis!95AEA1DE4F29 | 5600.7271
Microsoft Security Essentials | Adware:Win32/InfoAtoms | 1.165.247.01
Quick Heal | Adware.InfoAtoms (Not a Virus) | 8.13.12.00
Reason Heuristics | PUP.Installer.InfoAtoms.P | 14.3.1.0
Trend Micro House Call | HV_INFOATOMS_CH1603A5.UVPA | 7.2.330
VIPRE Antivirus | InfoAtoms | 24866

File size:
1.1 MB (1,195,336 bytes)

Product version:
1.5.0.0

Copyright:
Copyright 2012 InfoAtoms Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\infoatoms-setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
4/12/2012 2:06:59 PM

Valid to:
4/3/2013 4:35:07 PM

Subject:
CN=InfoAtoms Inc., O=InfoAtoms Inc., L=La Jolla, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
04788136C18C1C

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:6x0F8oULwuIo35hY8mCfZ90Tb95r7uH4BYeyTIkgo904zcvZbEblpkeLdzx:B8vUAhnmCf49J7uJe1k//ebgpN5x

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9843

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file infoatoms-setup.exe has been seen being distributed by the following 2 URLs.
