bitdefender.exe

RAPIDDOWN

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application bitdefender.exe by RAPIDDOWN has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from pt.download366.info.
Publisher:
Frser¡a s·l·  (signed by RAPIDDOWN)

Description:
DownloaddMger

Version:
1.0.0.26

MD5:
43abafedd89b671f3b6a7aa34d332902

SHA-1:
cfd7ecab552ae35f650b4c0b8e33c570af4de96d

SHA-256:
9ef2b225e258f47f4471b1579027ea1cea5b96ee497c1ccc01968d23daa61cb8

Scanner detections:
20 / 68

Status:
Adware

Explanation:
This will bundle various adware such as the Whitesmoke Toolbar and Iminent Toolbar. "These offers will be displayed depending on the user's location as well as the configuration of his/her PC; it is considered normal to display 2-3 offers. Additionally, the download manager offers the optional installation of a toolbar."

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/25/2024 9:08:33 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Downloader | 7.1.1
Avira AntiVirus | TR/Dropper.Gen | 7.11.142.206
AVG | BundleApp.J | 2015.0.3507
Comodo Security | Application.Win32.FirseriaInstaller.AB | 18087
Dr.Web | Trojan.DownLoader11.3085 | 9.0.1.0101
ESET NOD32 | Win32/FirseriaInstaller (variant) | 8.9667
Fortinet FortiGate | Adware/Sality.MO | 4/11/2014
G Data | Win32.Application.Craftor | 14.4.24
IKARUS anti.virus | not-a-virus:Downloader.Win32.Morstar | t3scan.1.6.1.0
K7 AntiVirus | Unwanted-Program | 13.176.11737
Kaspersky | not-a-virus:Downloader.Win32.Morstar | 14.0.0.4032
Malwarebytes | PUP.Optional.Firseria | v2014.04.11.03
NANO AntiVirus | Trojan.Win32.Morstar.creklv | 0.28.0.59048
Panda Antivirus | PUP/Fiseria | 14.04.11.03
Qihoo 360 Security | Malware.QVM11.Gen | 1.0.0.1015
Reason Heuristics | PUP.RAPIDDOWN.L | 14.8.15.17
Rising Antivirus | PE:PUF.FirseriaInstaller@CV!1.9C54 | 23.00.65.14409
Sophos | Solimba Installer | 4.98
Vba32 AntiVirus | Downware.Morstar | 3.12.26.0
VIPRE Antivirus | Trojan.Win32.Generic | 28194

File size:
190.4 KB (194,920 bytes)

Product version:
3.0.26

Copyright:
copyright·©·2013

Original file name:
¡nstal·exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\bitdefender.exe

Digital Signature
Signed by:
RAPIDDOWN
Authority:
DigiCert Inc

Valid from:
11/26/2013 10:00:00 PM

Valid to:
12/1/2014 10:00:00 AM

Subject:
CN=RAPIDDOWN, O=RAPIDDOWN, L=Badalona, S=Barcelona, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
02E94F6B0DC7BF53B8B6341C02DE4104

File PE Metadata
Compilation timestamp:
12/12/2013 2:58:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:HmproPrY4DivfRsG25ArTL7shLWZtezEh6LtxcPykJ1H8m5Lqa1RSqTnayOPaTi3:HmpWY42X85A0hL4tezlLXcqIcKLrRSqK

Entry address:
0x62A40

Entry point:
60, BE, 00, A0, 43, 00, 8D, BE, 00, 70, FC, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
164 KB (167,936 bytes)

The file bitdefender.exe has been seen being distributed from the URL pt.download366.info.

Remove bitdefender.exe - Powered by Reason Core Security