ares.exe

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application ares.exe by Apps Installer S.L. has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer, which relies on the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from www.descargargratis.com.

Publisher:
Apps Installer S.L.  (signed and verified)

Version:
3.0.0.2

MD5:
ee221bfdbeffe31bc659fb8ea17322f7

SHA-1:
6f314067df03e7b637fa3e05abb009e93a66f24f

Scanner detections:
9 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without permission of the developer) that bundles adware such as toolbars and extensions.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/23/2024 10:10:29 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | MSIL:Solimba-S [PUP] | 2014.9-150316 |
| Comodo Security | Application.Win32.Solimba.KX | 15995 |
| Dr.Web | Adware.Downware.1125 | 9.0.1.075 |
| ESET NOD32 | MSIL/Solimba | 9.8248 |
| Fortinet FortiGate | Adware/Solimba | 3/16/2015 |
| Reason Heuristics | PUP.Bundler.Solimba | 15.3.16.8 |
| Sophos | DownloadMR | 4.88 |
| Trend Micro House Call | TROJ_GEN.F47V0413 | 7.2.75 |
| VIPRE Antivirus | DownloadMR | 17028 |

File size:
151.3 KB (154,880 bytes)

Copyright:
(c) 2010-2013 (201304111116)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR (using Nullsoft Install System)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\ares.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/19/2013 1:00:00 AM

Valid to:
2/20/2015 12:59:59 AM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
3/25/2013 11:36:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:lwBElMHV8XpJe0CadTi+dMNyuaBjZyk2807xj8NnuNhNshQCYk:lmJHqMapi7YuEykJSAj1

Entry address:
0x333F

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 78, 73, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, B8, 3C, 42, 00, E8, 06, 25, 00, 00, 53, 68, 60, 01, 00, 00, A3, C0, 3B, 42, 00, 8D, 44, 24, 38, 50, 53, 68, 06, 74, 40, 00, FF, 15, 58, 71, 40, 00, 68, 00, 74, 40, 00, 68, C0, 33, 42, 00, E8, F8, 23, 00, 00, FF, 15, B0, 70, 40, 00, 50, BF, 00, 90, 42, 00, 57, E8, E6, 23, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file ares.exe has been seen being distributed by the following URL.
