atheros ar9287 wireless adapter driver 8.0.0.238 for windows 7 x64 driver.exe

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application atheros ar9287 wireless adapter driver 8.0.0.238 for windows 7 x64 driver.exe by Apps Installer S.L. has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address cdn.solimba.com on port 80 using the HTTP protocol.

Publisher:
Appsinstall (signed by Apps Installer S.L.)

Description:
setup manager

Version:
3.1.12

MD5:
e8caf155dda3d4c4c710bb1a3db28de6

SHA-1:
8049a6f2d3e82154c85e8e5a7a2015fa59156297

SHA-256:
3be36a4bd3a98c21d1733bd2054758fae14ab12f0773eefda07db49738d8f1bc

Scanner detections:
31 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without permission of the developer) that bundles adware such as toolbars and extensions.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/16/2024 2:07:45 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.J | 865 |
| Agnitum Outpost | PUA.Firseria | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.FirseriaInstaller | 2014.09.23 |
| Avira AntiVirus | APPL/FirseriaH.A.2 | 7.11.152.200 |
| avast! | Win32:Solimba-C [PUP] | 2014.9-140922 |
| AVG | BundleApp | 2015.0.3343 |
| Bitdefender | Application.Bundler.J | 1.0.20.1325 |
| Clam AntiVirus | Win.Trojan.Agent-723660 | 0.98/19414 |
| Comodo Security | Application.Win32.Firseria.CJL | 18418 |
| Dr.Web | Adware.Downware.4319 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler | 14.09.22 |
| ESET NOD32 | Win32/FirseriaInstaller (variant) | 8.9886 |
| F-Prot | W32/A-8319497a | v6.4.7.1.166 |
| F-Secure | Application.Bundler.J | 11.2014-22-09_2 |
| G Data | Win32.Application.Morstar | 14.9.24 |
| herdProtect (fuzzy) | | 2014.12.4.16 |
| IKARUS anti.virus | AdWare.BundleApp | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13451 |
| Kaspersky | not-a-virus:AdWare.Win32.Fiseria | 15.0.0.494 |
| Malwarebytes | | v2014.09.22.01 |
| McAfee | Artemis!78B5011FAD4B | 5600.6927 |
| MicroWorld eScan | Application.Bundler.J | 15.0.0.795 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.czvwwp | 0.28.0.60100 |
| nProtect | Trojan-Clicker/W32.Fiseria.505704 | 14.09.22.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.22.01 |
| Reason Heuristics | PUP.Installer.AppsInstallerSL.? | 14.9.22.11 |
| Sophos | Solimba Installer | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0601 | 7.2.338 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.0 |
| VIPRE Antivirus | DownloadMR | 29892 |
| Zillya! Antivirus | Downloader.Solimba.Win32.4 | 2.0.0.1929 |

File size:
493.9 KB (505,704 bytes)

Product version:
3.1.15

Copyright:
copyright © 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\atheros%20ar9287%20wireless%20adapter%20driver%208.0.0.238%20for%20windows%207%20x64%20driver.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/19/2013 1:00:00 AM

Valid to:
2/20/2015 12:59:59 AM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
5/29/2014 5:26:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:L3ma4bE/SPQHqkdTvL7Ff456p9HKuJC7V:L3b4bEiFCVMaX4V

Entry address:
0xE8DA

Entry point:
E8, 7C, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 60, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 10, E1, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
 

Code size:
115.5 KB (118,272 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com (95.211.39.161:80)

 
http://api.downloadmr.com/installer/31985547/launch