» adobe flash player.exe
Overview
Analysis
File Details
Downloads (2)
Network (2)

adobe flash player.exe

Apps Installer S.L.

This is the Solimba installer program that will bundle additional offers mostly including adware and various unwanted PC utilities. The application adobe flash player.exe by Apps Installer S.L has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from dl.downloadiechahrixiew.com and multiple other hosts. While running, it connects to the Internet address cdn.solimba.com on port 80 using the HTTP protocol.

File name:

Publisher:

App.install (signed by Apps Installer S.L.)

Description:

setup.manager

Version:

3.1.12.5

MD5:

404001ba892e60b06d019353f3f745c9

SHA-1:

8152be6c1223cde1b85bfbc6be9db0648dc496d6

SHA-256:

743d2248a689d1dfc039a97cf950288632c1d2cb535bc23978a6c5c84d844652

Scanner detections:

30 / 68

Status:

Adware

Explanation:

This is a wrapped installation of legitimate software (without persmission of the developer) and bundles adware such as toolbars and extensions.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/26/2024 11:19:40 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.M

872

Agnitum Outpost

Trojan.MulDrop

7.1.1

AhnLab V3 Security

PUP/Win32.FirseriaInstaller

2014.09.16

Avira AntiVirus

APPL/FirseriaI.A

7.11.153.178

avast!

Win32:Solimba-C [PUP]

2014.9-140915

AVG

Adware BundleApp.EA

2014.0.4015

Bitdefender

Application.Bundler.M

1.0.20.1290

Clam AntiVirus

Win.Trojan.Application-478

0.98/21411

Comodo Security

Application.Win32.Firseria.K

18446

Dr.Web

Trojan.MulDrop5.32888

9.0.1.0258

Emsisoft Anti-Malware

Dropped:Application.Bundler.Firseria

14.09.15

ESET NOD32

Win32/FirseriaInstaller (variant)

8.9907

F-Prot

W32/A-c99c506c

v6.4.7.1.166

F-Secure

Application.Bundler.M

11.2014-15-09_2

G Data

Win32.Application.Morstar

14.9.24

herdProtect (fuzzy)

variant of pdf%20download(1).exe (Adware)

2014.11.15.17

IKARUS anti.virus

PUA.Morstar

t3scan.1.7.8.0

K7 AntiVirus

Unwanted-Program

13.1712319

Kaspersky

not-a-virus:AdWare.Win32.Fiseria

15.0.0.494

Malwarebytes

PUP.Optional.AppsInstaller

v2014.09.15.07

McAfee

Artemis!D5103E38C18A

5600.6945

MicroWorld eScan

Application.Bundler.M

15.0.0.774

NANO AntiVirus

Riskware.Win32.Fiseria.dakwhg

0.28.2.61942

nProtect

Trojan-Clicker/W32.Fiseria.509416.B

14.09.15.01

Panda Antivirus

Adware/Solimba

14.09.15.07

Reason Heuristics

PUP.Installer.AppsInstallerSL.T

14.9.15.17

Sophos

Solimba Installer

4.98

Vba32 AntiVirus

Downware.Morstar

3.12.26.0

VIPRE Antivirus

Threat.4782980

29800

Zillya! Antivirus

Adware.Fiseria.Win32.1

2.0.0.1924

File size:

497.5 KB (509,416 bytes)

Product version:

3.1.15

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Solimba DownloadMR

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\adobe flash player.exe

Digital Signature

Signed by:

Apps Installer S.L.

Authority:

Thawte, Inc.

Valid from:

2/19/2013 1:00:00 AM

Valid to:

2/20/2015 12:59:59 AM

Subject:

CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata

Compilation timestamp:

6/3/2014 12:18:13 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:xYYZr6ypt7xGspjYu+Uhx63UXBQddduJDOxeD:xYcr6y/xxsg9BND0eD

Entry address:

0xE05C

Entry point:

E8, 7A, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 38, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F8, E0, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64... 
[+]

Code size:

113.5 KB (116,224 bytes)

The file adobe flash player.exe has been seen being distributed by the following 2 URLs.

http://dl.downloadiechahrixiew.com/n/3.1.12.5/.../Adobe Flash Player .exe

http://de.win-install.net/adobe-flash-player/download/.../10215

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to cdn.solimba.com (95.211.6.35:80)

TCP (HTTP):

Connects to api.downloadmr.com (95.211.39.161:80)

http://api.downloadmr.com/installer/30759009/launch

Remove adobe flash player.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.