home

appiance.exe

Appiance

SIEN S.A.

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application appiance.exe by SIEN S.A has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Appiance’.
Publisher:
The Appiance Authors  (signed by SIEN S.A.)

Product:
Appiance

Version:
39.0.2132.9

MD5:
c6209a59836325dead87eae573a650c4

SHA-1:
3f267e18fa5724af1d224d7cbbd2c8ab1173aa85

SHA-256:
42f707f9bd30f80f690743f0195a095d8f3b83be54402a8d9878ac8f1744d2a4

Scanner detections:
4 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 9:34:33 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
PUA/Iminent.AB
3.6.1.96

Bkav FE
W32.HfsAdware
1.3.0.6379

Qihoo 360 Security
Win32/Virus.IM.bd4
1.0.0.1015

Reason Heuristics
Threat.Sien.Bundler
15.4.19.17

File size:
819.1 KB (838,776 bytes)

Product version:
39.0.2132.9

Copyright:
Copyright 2013 The Appiance Authors. All rights reserved.

Original file name:
chrome.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\appiance\application\appiance.exe

Digital Signature
Signed by:
SIEN S.A.

Authority:
GlobalSign nv-sa

Valid from:
5/12/2014 9:20:39 AM

Valid to:
5/13/2015 9:20:39 AM

Subject:
E=support@sien.com, CN=SIEN S.A., O=SIEN S.A., L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D12A06D1B366EFC0AF40F74B7D6BFEFE

File PE Metadata
Compilation timestamp:
3/25/2015 1:47:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:QVl7pzx7buoGLBK7NNGpS+H67iwHDma0M7nm/EY87I0mZkaCgNZ7WddJ8tUM+:QVVGta7iQ3ns6Ifk8na

Entry address:
0x3E008

Entry point:
E8, 87, B2, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 08, 99, F7, 7D, 0C, 5D, C3, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, 55, 8B, EC, 83, EC, 14, 53, 56, 33, DB, 57, 8B, 7D, 08, 89, 5D, F8, 89, 5D, F4, 89, 5D, FC, 85, FF, 75, 18, E8, E5, 1C, 00, 00, 6A, 16, 5E, 89, 30, E8, 0C, F1, FF, FF, 8B, C6, 5F, 5E, 5B, 8B, E5, 5D, C3, 6A...
 
[+]

Code size:
354 KB (362,496 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Appiance

Command:
"C:\users\{user}\appdata\local\appiance\application\appiance.exe" --namespace="taraji1919"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-54-225-227-202.compute-1.amazonaws.com  (54.225.227.202:443)

TCP (HTTP):
Connects to a104-75-229-131.deploy.static.akamaitechnologies.com  (104.75.229.131:80)

TCP (HTTP SSL):
Connects to ec2-54-225-76-175.compute-1.amazonaws.com  (54.225.76.175:443)

TCP (HTTP SSL):
Connects to lr-in-f113.1e100.net  (209.85.233.113:443)

TCP (HTTP SSL):
Connects to ec2-54-225-121-9.compute-1.amazonaws.com  (54.225.121.9:443)

TCP (HTTP):
Connects to waws-prod-am2-001.cloudapp.net  (65.52.128.33:80)

TCP (HTTP):
Connects to c0.a2.2ca9.ip4.static.sl-reverse.com  (169.44.162.192:80)

TCP (HTTP):
Connects to ec2-54-235-146-128.compute-1.amazonaws.com  (54.235.146.128:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-fra3.facebook.com  (31.13.93.36:443)

TCP (HTTP):
Connects to ec2-107-23-60-50.compute-1.amazonaws.com  (107.23.60.50:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-fra3.fbcdn.net  (31.13.93.7:443)

TCP (HTTP SSL):
Connects to wb-in-f154.1e100.net  (66.102.1.154:443)

TCP (HTTP SSL):
Connects to lr-in-f97.1e100.net  (209.85.233.97:443)

TCP (HTTP):
Connects to ec2-54-225-215-51.compute-1.amazonaws.com  (54.225.215.51:80)

TCP (HTTP):
Connects to ec2-50-19-125-7.compute-1.amazonaws.com  (50.19.125.7:80)

TCP (HTTP SSL):
Connects to ec2-50-19-113-170.compute-1.amazonaws.com  (50.19.113.170:443)

TCP (HTTP):
Connects to ec2-23-23-112-220.compute-1.amazonaws.com  (23.23.112.220:80)

TCP (HTTP):
Connects to ec2-52-77-135-190.ap-southeast-1.compute.amazonaws.com  (52.77.135.190:80)

TCP (HTTP):
Connects to ec2-52-207-48-5.compute-1.amazonaws.com  (52.207.48.5:80)

TCP (HTTP SSL):
Connects to cache.google.com  (208.117.231.153:443)

Remove appiance.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.