avs_media_player.exe

AVS Media Player

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application avs_media_player.exe, “AVS Media Player AppInstaller” by Apps Installer S.L., has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Apps Installer S.L.  (signed and verified)

Product:
AVS Media Player

Description:
AVS Media Player AppInstaller

Version:
3.0.7.0

MD5:
2845048f20f6bad2c3bcab0f62ceaaca

SHA-1:
69ec67bc46ee911552dd48b0ab139c69757f383c

SHA-256:
b4a4e790a399e323c67493601042cf52e474dd6da675da5e991ac3c7c291ec6c

Scanner detections:
27 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without permission of the developer) and bundles adware such as toolbars and extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/26/2024 7:01:41 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Solimba | 7.1.1
Avira AntiVirus | APPL/Solimba.Gen | 7.11.159.112
avast! | Solimba-C [PUP] | 2014.9-151101
AVG | AdInstaller.V | 2016.0.2939
Baidu Antivirus | Adware.Win32.Fiseria | 4.0.3.15111
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.Solimba.GW | 18815
Dr.Web | Adware.Downware.1125 | 9.0.1.0305
ESET NOD32 | MSIL/Solimba | 9.8398
Fortinet FortiGate | Adware/Solimba | 11/1/2015
G Data | MSIL.Application.Solimba | 15.11.25
IKARUS anti.virus | APPL | t3scan.1.6.1.0
K7 AntiVirus | Unwanted-Program | 13.180.12657
Kaspersky | not-a-virus:AdWare.Win32.Fiseria | 14.0.0.1189
Malwarebytes | PUP.Optional.Solimba | v2015.11.01.03
McAfee | Artemis!2845048F20F6 | 5600.6595
NANO AntiVirus | Riskware.Win32.Solimba.czyjmb | 0.28.0.60698
Panda Antivirus | Adware/Solimba | 15.11.01.03
Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015
Reason Heuristics | PUP.Solimba.AppsInstaller.Installer (M) | 15.11.1.3
Rising Antivirus | PE:PUF.FirseriaInstaller@CV!1.5C42 | 23.00.65.151030
Sophos | DownloadMR | 4.89
SUPERAntiSpyware | Trojan.Agent/Gen-MSIL | 9535
Trend Micro House Call | TROJ_GEN.F47V0518 | 7.2.305
Trend Micro | ADW_SOLIMBA | 10.465.01
Vba32 AntiVirus | Signed-Downware.Morstar.AppsInstallerSL | 3.12.26.3
VIPRE Antivirus | DownloadMR | 18306

File size:
194.4 KB (199,096 bytes)

Copyright:
AppInstaller 2013 (5174d730-9b7c-44a4-b61d-75d05bc06f2f)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\avs_media_player.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/18/2013 7:00:00 PM

Valid to:
2/19/2015 6:59:59 PM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
2/19/2012 10:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
3072:cX7DItrfaocyTgfsqQOlJNq10CgXFpqJI8xV25X1nr1OPN3pos7W/qktAT:csaocyLCcdgXF0JI1tBOPN357cptAT

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.5595

Code size:
34.5 KB (35,328 bytes)

The file avs_media_player.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/98258499/launch
