media player update.exe

HD Player

Air Software

Warning: this is not the legitimate setup program for HD Player. The setup is bootstrapped by the Air Installer 'download manager' (a pay-per-install monetization download manager) that bundles unwanted software (adware, toolbars, extensions) during setup while deceiving the user into thinking they are downloading the standard installation setup from HD Player. The application media player update.exe, "HD Player" by Air Software, has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer.
Publisher:
Install Manager   (signed by Air Software)

Product:
HD Player

Description:
HD Player

Version:
2.0.91.0

MD5:
56ff73028cceead6a7b5211dc2668070

SHA-1:
a370c4c38ffe3c23a10f85555e066a24625d749e

SHA-256:
0539da7fbc9b868996943d869be9d7ae5045845dce950a0a2f16094ffdaf5f2d

Scanner detections:
19 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/7/2025 7:26:46 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.153852 | 799 |
| AhnLab V3 Security | PUP/Win32.Installer | 2014.11.28 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.189.62 |
| avast! | Win32:Adware-gen [Adw] | 141119-1 |
| AVG | Airsoftware | 2015.0.3277 |
| Bitdefender | Gen:Variant.Adware.Graftor.153852 | 1.0.20.1655 |
| Comodo Security | Application.Win32.AirAdInstaller.A | 20214 |
| Dr.Web | Threat.Undefined | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.153852 | 9.0.0.4570 |
| ESET NOD32 | Win32/AirAdInstaller.A potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Adware.Graftor.153852 | 11.2014-27-11_5 |
| G Data | Gen:Variant.Adware.Graftor.153852 | 14.11.24 |
| IKARUS anti.virus | PUA.AirAdInstaller | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.186.14161 |
| Malwarebytes | PUP.Optional.AirInstaller | v2014.11.27.07 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.153852 | 15.0.0.993 |
| Panda Antivirus | Adware/AirInstaller | 14.11.27.07 |
| Reason Heuristics | DownloadManager.AirSoftware.T | 14.11.27.19 |
| VIPRE Antivirus | Threat.4784938 | 35088 |

File size:
919.4 KB (941,440 bytes)

Product version:
2.0.91.0

Copyright:
(c) Install Manager

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\downloads\media player update.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/24/2013 8:00:00 PM

Valid to:
3/26/2015 8:59:59 PM

Subject:
CN=Air Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Air Software, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3AC786E09219DF82DA830E461D4FC39F

File PE Metadata
Compilation timestamp:
11/24/2014 2:51:00 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:2bMTdFxlNb0rj4lv9hUFGFLe8GUFaXHaeJi:kMTdFerjO+aLe8GUFY67

Entry address:
0x2A6630

Entry point:
60, BE, 00, 20, 5D, 00, 8D, BE, 00, F0, E2, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
Entropy:
7.8732

Packer / compiler:
UPX 2.90LZMA

Code size:
852 KB (872,448 bytes)

The file media player update.exe has been seen being distributed by the following URL.
