adware - desk 365.exe

installer manager

SETUPPROCESS

This is the Solimba installer program, which bundles additional offers, mostly adware and assorted unwanted PC utilities, with whatever the user originally set out to download. The application adware - desk 365.exe, “Installer Manager” by SETUPPROCESS, has been detected as adware by 19 of 68 anti-malware scanners. It is a setup stub built on the Solimba DownloadMR installer: the Solimba download manager fetches the requested program and pushes adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
RapidDown  (signed by SETUPPROCESS)

Product:
installer manager

Description:
Installer Manager

Version:
1.0.0.32

MD5:
7ae7bed1b8e26105b319b4bc03840527

SHA-1:
d9c042b71e3d463556f03d5bc513a4a1616c3ba8

SHA-256:
e52c143f20802ea889329eadaa1a94ed0416cbd832ec64916a0ebb2128e7c6eb

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (which may itself be legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
4/29/2024 10:32:31 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Downloader | 7.1.1
AhnLab V3 Security | Unwanted/Win32.Firseriainstaller | 2014.02.17
Avira AntiVirus | TR/Dropper.Gen | 7.11.131.252
Comodo Security | Application.Win32.FirseriaInstaller.CCE | 17799
Dr.Web | Trojan.DownLoader11.3511 | 9.0.1.048
ESET NOD32 | Win32/FirseriaInstaller (variant) | 8.9431
Fortinet FortiGate | Adware/Firseria | 2/17/2014
G Data | Win32.Application.Morstar | 14.2.24
IKARUS anti.virus | not-a-virus:Downloader.Win32.Morstar | t3scan.2.2.29
Kaspersky | not-a-virus:Downloader.Win32.Morstar | 14.0.0.4296
Malwarebytes | PUP.Optional.Rapiddown | v2014.02.17.08
NANO AntiVirus | Trojan.Win32.Morstar.csztiw | 0.28.0.57630
Panda Antivirus | Trj/Genetic.gen | 14.02.17.08
Qihoo 360 Security | HEUR/Malware.QVM11.Gen | 1.0.0.1015
Reason Heuristics | PUP.Installer.SETUPPROCESS.T | 14.8.8.3
Rising Antivirus | PE:PUF.FirseriaInstaller@CV!1.5C42 | 23.00.65.14215
Sophos | Solimba Installer | 4.97
Vba32 AntiVirus | Downware.Morstar | 3.12.24.3
VIPRE Antivirus | Trojan.Win32.Generic | 26544
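The 19 detection names above do not agree on a name or even on a category: most vendors label the file as a PUA/adware installer under the aliases Firseria, Solimba, Morstar, Rapiddown or SETUPPROCESS, a few return only generic or heuristic verdicts (TR/Dropper.Gen, Trj/Genetic.gen, HEUR/Malware.QVM11.Gen, Trojan.Win32.Generic), and only two call it a named trojan. The script below is an added example, not part of this page or of Reason Core Security's tooling: it embeds the table's vendor/detection pairs and reduces them to a consensus, so the "trojan" hits can be weighed against the bundler/PUA majority. The alias map and token lists are the editor's assumptions, chosen to cover the names on this page.

```python
import re
from collections import Counter

# The 19 (vendor, detection) pairs from this page's scanner table, embedded inline.
DETECTIONS = [
    ("Agnitum Outpost", "PUA.Downloader"),
    ("AhnLab V3 Security", "Unwanted/Win32.Firseriainstaller"),
    ("Avira AntiVirus", "TR/Dropper.Gen"),
    ("Comodo Security", "Application.Win32.FirseriaInstaller.CCE"),
    ("Dr.Web", "Trojan.DownLoader11.3511"),
    ("ESET NOD32", "Win32/FirseriaInstaller (variant)"),
    ("Fortinet FortiGate", "Adware/Firseria"),
    ("G Data", "Win32.Application.Morstar"),
    ("IKARUS anti.virus", "not-a-virus:Downloader.Win32.Morstar"),
    ("Kaspersky", "not-a-virus:Downloader.Win32.Morstar"),
    ("Malwarebytes", "PUP.Optional.Rapiddown"),
    ("NANO AntiVirus", "Trojan.Win32.Morstar.csztiw"),
    ("Panda Antivirus", "Trj/Genetic.gen"),
    ("Qihoo 360 Security", "HEUR/Malware.QVM11.Gen"),
    ("Reason Heuristics", "PUP.Installer.SETUPPROCESS.T"),
    ("Rising Antivirus", "PE:PUF.FirseriaInstaller@CV!1.5C42"),
    ("Sophos", "Solimba Installer"),
    ("Vba32 AntiVirus", "Downware.Morstar"),
    ("VIPRE Antivirus", "Trojan.Win32.Generic"),
]

# Assumed alias map: every vendor-specific label on this page that names the installer family.
FAMILY_ALIASES = {
    "firseria": "Firseria/Solimba",
    "solimba": "Firseria/Solimba",
    "morstar": "Firseria/Solimba",
    "rapiddown": "Firseria/Solimba",
    "setupprocess": "Firseria/Solimba",
}
# Assumed token sets: words that mark a PUA-style verdict vs. a generic/heuristic one.
PUA_TOKENS = {"pua", "pup", "puf", "unwanted", "not-a-virus", "adware", "application", "downware"}
GENERIC_TOKENS = {"gen", "generic", "genetic", "heur", "qvm11"}


def tokens(name):
    """Lower-case tokens of a detection name; hyphens are kept so 'not-a-virus' survives."""
    return [t for t in re.split(r"[^a-z0-9-]+", name.lower()) if t]


def family_of(name):
    """Map a detection name to a family via substring aliases (covers 'FirseriaInstaller')."""
    lowered = name.lower()
    for alias, family in FAMILY_ALIASES.items():
        if alias in lowered:
            return family
    return None


def verdict_of(name):
    """Classify what the name asserts: pua, generic, trojan, family-only or unknown."""
    toks = set(tokens(name))
    if toks & PUA_TOKENS:
        return "pua"
    if toks & GENERIC_TOKENS:
        return "generic"
    if "trojan" in toks:
        return "trojan"
    if family_of(name):
        return "family-only"
    return "unknown"


def summarize(detections):
    """Count verdict categories and family labels across all vendors."""
    verdicts = Counter(verdict_of(d) for _, d in detections)
    families = Counter(f for _, d in detections if (f := family_of(d)))
    return {"total": len(detections), "verdicts": verdicts, "families": families}


if __name__ == "__main__":
    for key, value in summarize(DETECTIONS).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

On this page's data the summary is 11 PUA verdicts, 4 generic, 2 trojan and 2 family-only, with 13 of 19 vendors naming the same installer family under one alias or another; that is the "Adware" status the page assigns, not a trojan.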

File size:
209.4 KB (214,384 bytes)

Product version:
3.0.26

Copyright:
copyright © 2013

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\Program Files\virus\adware - desk 365.exe

Digital Signature
Signed by:
SETUPPROCESS
Authority:
DigiCert Inc

Valid from:
11/27/2013 1:00:00 AM

Valid to:
12/1/2014 1:00:00 PM

Subject:
CN=SETUPPROCESS, O=SETUPPROCESS, L=Badalona, S=Barcelona, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0A8ABFC7C80D0C2F0A3A89CF6139A91D

File PE Metadata
Compilation timestamp:
1/14/2014 4:00:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:YZC4Yrkzhw7On+ABGiV15NK6pMNnjkxjR6OusO1w32e4ekHX7FTNrAZ7OmE4It1Y:oZYIwCG85HyNnCR6Oa1wmJDFJrW72Ls

Entry address:
0x80850

Entry point:
60, BE, 00, 30, 45, 00, 8D, BE, 00, E0, FA, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

These leading bytes (pushad; mov esi, 0x453000; lea edi, [esi-0x52000]; push edi; jmp short; then the byte-copy and bit-decode loop) are the standard UPX decompression stub, so the file is UPX-packed: the MD5/SHA-1/SHA-256 and ssdeep values above identify the packed container, and strings or code-level indicators must be taken from the unpacked payload.

Code size:
184 KB (188,416 bytes)
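Recognising the packer from the entry-point bytes is the first triage step a practitioner takes on a sample like this one, because every static indicator on this page (hashes, ssdeep, code size) describes the packed file. The script below is an added example, not code from this page or from Reason Core Security: it parses the entry-point listing exactly as printed above, matches it against the stock UPX x86 stub prologue with the two immediates wildcarded, and decodes those immediates to recover where the compressed data lives and where it is unpacked to. The assumed image base of 0x400000 is the editor's, used only to turn the virtual addresses into RVAs; the stub pattern is the well-known UPX NRV2B prologue.

```python
import re
import struct

# Entry-point bytes as printed on this page (listing truncated with "..."; only the
# leading bytes are needed to identify the stub).
ENTRY_BYTES_TEXT = (
    "60, BE, 00, 30, 45, 00, 8D, BE, 00, E0, FA, FF, 57, EB, 0B, 90, 8A, 06, 46, "
    "88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, ..."
)

# Stock UPX x86 decompressor prologue: pushad; mov esi, <packed src>; lea edi, [esi+disp32];
# push edi; jmp short; nop; then mov al,[esi] / inc esi / mov [edi],al / inc edi and the
# add ebx,ebx / jnz / mov ebx,[esi] / sub esi,-4 / adc ebx,ebx / jb bit-decode loop.
# Zero bytes in the mask are wildcards (the two 32-bit immediates).
UPX_STUB = bytes([0x60, 0xBE, 0, 0, 0, 0, 0x8D, 0xBE, 0, 0, 0, 0,
                  0x57, 0xEB, 0x0B, 0x90, 0x8A, 0x06, 0x46, 0x88, 0x07, 0x47,
                  0x01, 0xDB, 0x75, 0x07, 0x8B, 0x1E, 0x83, 0xEE, 0xFC, 0x11, 0xDB, 0x72, 0xED])
UPX_MASK = bytes([0xFF, 0xFF, 0, 0, 0, 0, 0xFF, 0xFF, 0, 0, 0, 0] + [0xFF] * 23)


def parse_hex_list(text):
    """Turn the report's 'XX, XX, ...' listing into raw bytes, ignoring the trailing '...'."""
    return bytes(int(tok, 16) for tok in re.findall(r"\b[0-9A-Fa-f]{2}\b", text))


def masked_match(data, pattern, mask):
    """Compare data against pattern, ignoring bytes where the mask is zero."""
    if len(data) < len(pattern):
        return False
    return all((d & m) == (p & m) for d, p, m in zip(data, pattern, mask))


def upx_stub_info(data):
    """Return (packed_src_va, unpack_dst_va) if data starts with the UPX stub, else None."""
    if not masked_match(data, UPX_STUB, UPX_MASK):
        return None
    src = struct.unpack_from("<I", data, 2)[0]   # imm32 of 'mov esi, imm32'
    disp = struct.unpack_from("<i", data, 8)[0]  # signed disp32 of 'lea edi, [esi+disp32]'
    return src, (src + disp) & 0xFFFFFFFF


def describe(text, image_base=0x400000):
    """Summarise the packer evidence; image_base is an assumption, not read from the file."""
    data = parse_hex_list(text)
    info = upx_stub_info(data)
    if info is None:
        return {"packer": "unknown", "bytes_parsed": len(data)}
    src, dst = info
    return {
        "packer": "UPX",
        "bytes_parsed": len(data),
        "packed_src_va": src,
        "unpack_dst_va": dst,
        "packed_src_rva": src - image_base,
        "unpack_dst_rva": dst - image_base,
    }


if __name__ == "__main__":
    for key, value in describe(ENTRY_BYTES_TEXT).items():
        print(f"{key}: {value:#x}" if isinstance(value, int) and key != "bytes_parsed" else f"{key}: {value}")
```

For this sample the stub copies from 0x453000 down to 0x401000, i.e. the compressed installer sits at RVA 0x53000 and is unpacked into the first section at RVA 0x1000, which fits an entry address of 0x80850 in the last section and a "code size" that is almost the whole 209 KB file. When the stub is unmodified, `upx -d` on a copy of the file restores the original executable, and that is the binary to hash and inspect for strings.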

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

URL:
http://api.downloadmr.com/installer/7194711/launch
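The two hostnames, two IPs and the launch URL above are the network indicators a defender can actually act on. The script below is an added example, not part of this page or of Reason Core Security's product: it runs those indicators over a few constructed proxy log lines (the simplified space-separated format, the client addresses, the benign hosts and the additional installer ID are all made up for the example) and grades each hit. It generalises the single launch URL on the page to the path shape /installer/<id>/launch, which is an assumption; and it treats a bare destination-IP match as low confidence, since a hosting address can serve other customers or be reassigned while the hostnames stay tied to the installer.

```python
import re

# Network indicators listed on this page for this sample.
IOC_HOSTS = {"cdn.solimba.com", "api.downloadmr.com"}
IOC_IPS = {"95.211.6.35", "95.211.39.161"}
# Assumed generalisation of the one launch beacon shown on the page (installer ID 7194711).
LAUNCH_RE = re.compile(r"^/installer/(\d+)/launch$")

# Constructed log lines (not real traffic), one request per line:
# epoch client_ip method host dest_ip path
SAMPLE_LOG = """\
1398767551 10.0.0.12 GET www.example.org 93.184.216.34 /index.html
1398767560 10.0.0.12 GET cdn.solimba.com 95.211.6.35 /installer/stub.cab
1398767571 10.0.0.12 POST api.downloadmr.com 95.211.39.161 /installer/7194711/launch
1398767580 10.0.0.15 GET api.downloadmr.com 95.211.39.161 /installer/8001234/launch
1398767590 10.0.0.19 GET update.vendor.example 95.211.6.35 /ok
"""


def parse_line(line):
    """Split one constructed log line into its six fields."""
    ts, client, method, host, dst_ip, path = line.split(maxsplit=5)
    return {"ts": int(ts), "client": client, "method": method,
            "host": host.lower().rstrip("."), "dst_ip": dst_ip, "path": path}


def match_iocs(rec):
    """Return the indicator hits for a single request (possibly several)."""
    hits = []
    if rec["host"] in IOC_HOSTS:
        hits.append("host:" + rec["host"])
    if rec["dst_ip"] in IOC_IPS:
        hits.append("ip:" + rec["dst_ip"])
    m = LAUNCH_RE.match(rec["path"])
    if m and rec["host"] == "api.downloadmr.com":
        hits.append("launch:" + m.group(1))  # installer ID, useful for pivoting
    return hits


def confidence(hits):
    """Hostname or launch-beacon hits are specific to this installer; an IP-only hit is weaker."""
    return "high" if any(not h.startswith("ip:") for h in hits) else "low"


def scan_log(text):
    """Run the indicators over a log and return one alert per matching request."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        hits = match_iocs(rec)
        if hits:
            alerts.append({"ts": rec["ts"], "client": rec["client"], "host": rec["host"],
                           "hits": hits, "confidence": confidence(hits)})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Four of the five constructed lines alert: the CDN fetch and the two launch beacons at high confidence (the second beacon carries a different installer ID, which is exactly the kind of pivot the ID in the URL gives you), and the last line at low confidence because only the IP matched. In a real deployment the same host and path logic maps directly onto a proxy or DNS-log query or a network IDS rule.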

Remove adware - desk 365.exe - Powered by Reason Core Security