microsoftsilverlightupdatesetup.exe

Microsoft Silverlight

Download Assistant

This is part of the Air Installer, a download manager that bundles applications with offers for additional third-party software, mostly unwanted adware, and that may be installed with minimal consent. The application microsoftsilverlightupdatesetup.exe by Download Assistant has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the AirInstaller Download Manager installer. During installation, it installs bundled, potentially unwanted software on the user's computer at the same time, without adequate consent.
Publisher:
Download Assistant  (signed and verified)

Product:
Microsoft Silverlight

Version:
3.0.0.104

MD5:
223233e502ea675b30f4717e1ebe003f

SHA-1:
106a4d0c25da458aafd32a5b275a37783f700175

SHA-256:
f2012a080a1dbe28a17e58197802aedd43e031b13e49aa6690d2125ebd0ef6ba

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Bundles additional software, mostly toolbars and other potentially unwanted applications, using the Vittalia monetization installer.

Description:
This is an installer that may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 1:33:33 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.AirInstaller.5 | 5639178 |
| AhnLab V3 Security | PUP/Win32.Bundler | 2015.06.03 |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| Arcabit | Trojan.Application.Bundler.AirInstaller.5 | 1.0.0.425 |
| avast! | Win32:Adware-CKC [PUP] | 150602-1 |
| AVG | Generic | 2016.0.3089 |
| Bitdefender | Gen:Variant.Application.Bundler.AirInstaller.5 | 1.0.20.770 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Comodo Security | Application.Win32.DownloadAssistant.S | 22322 |
| Dr.Web | Trojan.Vittalia.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.AirInstaller | 10.0.0.5366 |
| ESET NOD32 | Win32/DownloadAssistant.A potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Gen:Variant.Application.Bundler | 5.14.151 |
| G Data | Gen:Variant.Application.Bundler.AirInstaller | 15.6.25 |
| K7 AntiVirus | Unwanted-Program | 13.204.16124 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2015.06.03.12 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.AirInstaller.5 | 16.0.0.462 |
| NANO AntiVirus | Trojan.Win32.Vittalia.dqfrig | 0.30.24.1636 |
| Norman | Gen:Variant.Application.Bundler.AirInstaller.5 | 02.06.2015 14:23:46 |
| Panda Antivirus | Trj/Genetic.gen | 15.06.03.12 |
| Reason Heuristics | PUP.Air Software.Bundler | 15.6.3.12 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.15601 |
| VIPRE Antivirus | Threat.4782985 | 40786 |

File size:
960.7 KB (983,736 bytes)

Product version:
3.0.0.104

Copyright:
(c) Download Assistant

Original file name:
MicrosoftSilverlightSetup-25370073.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
AirInstaller Download Manager

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\microsoftsilverlightupdatesetup.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
2/16/2015 5:00:00 AM

Valid to:
2/17/2016 4:59:59 AM

Subject:
CN=Download Assistant, O=Download Assistant, L=Victoria, S=British Columbia, C=CA

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3784E4CAC60231ED82FD7E8E845E8CE3

File PE Metadata
Compilation timestamp:
5/26/2015 4:45:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:0PuEn6lrP4hnA8Day7z+4WD89tBXae1MPfgfYgIXGedpfcEtiGi/wcZ63k94rPg9:0tc4h/X7z+A9KMGNXGSfmZ/nKr4JwIv

Entry address:
0x126A

Entry point:
55, 8B, EC, 83, EC, 10, 53, 56, 57, 6A, 00, FF, 15, 08, 10, 49, 00, 8B, F8, 33, D2, 8B, CF, 8B, 5F, 3C, 03, DF, 2B, 05, 1C, 10, 40, 00, 89, 45, F4, 1B, D2, F7, D8, 89, 55, F8, 0F, B7, 73, 14, 83, D2, 00, F7, DA, 89, 75, F0, 52, 8B, 93, A0, 00, 00, 00, 50, 8B, 44, 1E, 24, 03, 05, 28, 10, 40, 00, 50, FF, B3, A4, 00, 00, 00, E8, 88, FD, FF, FF, 8B, 54, 1E, 28, 83, C4, 10, A1, 28, 10, 40, 00, 2B, D0, 83, FA, 01, 76, 0D, 8B, 4C, 1E, 24, 03, C8, 03, CF, E8, F2, FE, FF, FF, A1, 20, 10, 40, 00, 83, C6, 40, 03, F3...
 
Entropy:
7.0537

Developed / compiled with:
Microsoft Visual C++

Code size:
574 KB (587,776 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to useast.gtdlrfwd.com  (104.131.2.201:80)

TCP (HTTP):
Connects to new-york-2.cdn77.com  (92.242.140.21:80)
