avira antivirus.exe

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application avira antivirus.exe by Apps Installer S.L. has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer, which in turn uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file is typically executed from an Internet Explorer cache folder. While running, it connects to the Internet address cdn.solimba.com on port 80 using the HTTP protocol.
Publisher:
App.install  (signed by Apps Installer S.L.)

Description:
setup.manager

Version:
3.1.12.5

MD5:
61f2dd4bd17d1430de6a957941f6d52e

SHA-1:
fd8a037732a0fb6739d00a222c07107219079ef2

SHA-256:
d89cb61650efffac04c23d8fe1eb5e2df8460af07f0d87528998e7f198bf3a02

Scanner detections:
24 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without permission of the developer) that bundles adware such as toolbars and extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/25/2024 6:50:50 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.M | 889 |
| Agnitum Outpost | Trojan.MulDrop | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.FirseriaInstaller | 2014.06.14 |
| Avira AntiVirus | APPL/FirseriaI.A | 7.11.154.218 |
| avast! | Win32:Solimba-C [PUP] | 2014.9-140829 |
| AVG | BundleApp | 2015.0.3367 |
| Bitdefender | Application.Bundler.M | 1.0.20.1205 |
| Comodo Security | Application.Win32.Firseria.K | 18541 |
| Dr.Web | Trojan.MulDrop5.32888 | 9.0.1.0241 |
| ESET NOD32 | Win32/FirseriaInstaller (variant) | 8.9943 |
| F-Secure | Application.Bundler.M | 11.2014-29-08_6 |
| G Data | Application.Bundler | 14.8.24 |
| IKARUS anti.virus | PUA.Morstar | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.1712403 |
| Kaspersky | not-a-virus:AdWare.Win32.Fiseria | 14.0.0.3332 |
| Malwarebytes | PUP.Optional.AppsInstaller | v2014.08.29.02 |
| McAfee | Artemis!61F2DD4BD17D | 5600.7023 |
| MicroWorld eScan | Application.Bundler.M | 15.0.0.723 |
| NANO AntiVirus | Riskware.Win32.Fiseria.dakwhg | 0.28.0.60253 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.29.02 |
| Reason Heuristics | PUP.Installer.AppsInstallerSL.P | 14.8.29.14 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.0 |
| VIPRE Antivirus | DownloadMR | 30272 |
| Zillya! Antivirus | Adware.Fiseria.Win32.1 | 2.0.0.1824 |

File size:
496.4 KB (508,264 bytes)

Product version:
3.1.15

Copyright:
copyright © 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\avira antivirus.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/18/2013 9:00:00 PM

Valid to:
2/19/2015 9:59:59 PM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
6/3/2014 7:18:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:cYYZr6ypt7xGspjYu+Uhx63UXBQddduJDOxeZ:cYcr6y/xxsg9BND0eZ

Entry address:
0xE05C

Entry point:
E8, 7A, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 38, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F8, E0, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...

Code size:
113.5 KB (116,224 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/28638729/launch
