home

1stbrowser.exe

ClInstaller

SIEN S.A.

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application 1stbrowser.exe by SIEN S.A has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer.
Publisher:
SIEN  (signed by SIEN S.A.)

Product:
ClInstaller

Version:
1.36.3.7

MD5:
17e0e255ffc0ddadfd8cb5a62dc11e48

SHA-1:
adb1080fb089f99d8f24d14e4fa3844b556645e4

SHA-256:
6659e8f2585fa256e4cbf281e7807686611c7868d4be02bc000c75c0f95b98c2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
5/8/2024 12:05:20 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Sien (M)
17.3.6.13

File size:
2 MB (2,071,728 bytes)

Product version:
1.36.3.7

Copyright:
Copyright (C) 2015

Original file name:
CleanIns.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\downloads\1stbrowser.exe

Digital Signature
Signed by:
SIEN S.A.

Authority:
GlobalSign nv-sa

Valid from:
2/17/2015 7:45:29 AM

Valid to:
6/12/2016 4:20:39 AM

Subject:
E=support@sien.com, CN=SIEN S.A., O=SIEN S.A., L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112158A643D1C958507AAB7FE826772BFA60

File PE Metadata
Compilation timestamp:
9/2/2015 9:17:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x130046

Entry point:
E8, 15, 33, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 28, C9, 59, 00, 8D, 7D, E0, F3, A5, 8B, 75, 0C, 8B, 7D, 08, 85, F6, 74, 13, F6, 06, 10, 74, 0E, 8B, 0F, 83, E9, 04, 51, 8B, 01, 8B, 70, 18, FF, 50, 20, 89, 7D, F8, 89, 75, FC, 85, F6, 74, 0C, F6, 06, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 1C, 12, 57, 00, 5F, 5E, 8B, E5, 5D, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51...
 
[+]

Code size:
1.4 MB (1,507,328 bytes)

Remove 1stbrowser.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.