AirInstaller

Category: Adware and PUAs
Type: Unspecified PUA
Protection available since: 03 May 2013 23:37:07 (GMT)
Last Updated: 03 Dec 2014 05:57:46 (GMT)


AirInstaller is an installer that bundles legitimate applications with offers for additional third-party applications that the user may not want. These third-party applications are typically installed onto users' computers by default, though the installer may include an option to opt out during or after the installation process.

Examples of AirInstaller include:

Example 1

File Information

Size: 807K
SHA-1: 0003b7b9b86d1f8cb82ae80aee6288e7498325de
MD5: b3b26f700c35eeb9bd5dee3afe349d86
CRC-32: c3f304b9
File type: Windows executable
First seen: 2013-09-19

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\setup.exe
Dropped Files
Processes Created
  • c:\docume~1\support\locals~1\temp\setup.exe
  • c:\windows\system32\dumprep.exe
HTTP Requests
  • http://cdn1.airdlrstatic.com/themes/theme_5/software_238.zip
  • http://cdn1.airdlrstatic.com/themes/theme_5/theme_5.zip
  • http://trk.airinstaller.com/get/event/
  • http://trk.airinstaller.com/get/file_size/
  • http://trk.airinstaller.com/get/launch/
  • http://trk.airinstaller.com/get/log/
  • http://trk.airinstaller.com/get/log_level/
  • http://trk.airinstaller.com/get/session/
DNS Requests
  • cdn1.airdlrstatic.com
  • trk.airinstaller.com

Example 2

File Information

Size: 1.1M
SHA-1: 000b9d4291d34bc27f4fd89ff76d2ac8b16e84f8
MD5: 00db9003237bb77b0d355aa76df05a4e
CRC-32: 3949a379
File type: Windows executable
First seen: 2013-04-19

Runtime Analysis

HTTP Requests
  • http://trk.airinstaller.com/get/log_level/
DNS Requests
  • trk.airinstaller.com

Example 3

File Information

Size: 808K
SHA-1: 0010ae5ef1bd2af338cb7a4134ca6562d2f9538e
MD5: 4436e9f9e8d7d71f19c9a363994dbba0
CRC-32: 3cd77c66
File type: Windows executable
First seen: 2013-09-28

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\setup.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013092820130929
    CacheRepair
    0x00000000
Processes Created
  • c:\docume~1\support\locals~1\temp\setup.exe
HTTP Requests
  • http://air.rdrcts.com/geo/3vSpaN/
  • http://beacon-5.newrelic.com/1/88c074814d
  • http://cdn1.airdlrstatic.com/themes/theme_5/software_214.zip
  • http://cdn1.airdlrstatic.com/themes/theme_5/theme_5.zip
  • http://js-agent.newrelic.com/nr-100.js
  • http://trk.airinstaller.com/get/cancel/
  • http://trk.airinstaller.com/get/event/
  • http://trk.airinstaller.com/get/file_size/
  • http://trk.airinstaller.com/get/launch/
  • http://trk.airinstaller.com/get/log/
  • http://trk.airinstaller.com/get/log_level/
  • http://trk.airinstaller.com/get/session/
DNS Requests
  • air.rdrcts.com
  • beacon-5.newrelic.com
  • cdn1.airdlrstatic.com
  • js-agent.newrelic.com
  • trk.airinstaller.com
