» bs.player.exe
Overview
Analysis
File Details
Downloads (1)

bs.player.exe

RAPIDDOWN

This is the Solimba installer program that will bundle additional offers mostly including adware and various unwanted PC utilities. The application bs.player.exe by RAPIDDOWN has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from www.download366.com.

File name:

bs.player.exe

Publisher:

*Rapiddown* (signed by RAPIDDOWN)

Description:

Setup Manager

Version:

1.0.0.29

MD5:

d1e40b10f1f7a74d543c3e64357312b0

SHA-1:

05c9245b252c64d3426713f71e4f3f0720eb0697

SHA-256:

cdb3af8282ae60a28b2c779cbd119557c0a8b41c86ad4fecf20bf494a808ab19

Scanner detections:

32 / 68

Status:

Adware

Explanation:

This will bundle various adware such as the Whitesmoke Toolbar and Iminent Toolbar. "These offers will be displayed depending on the user's location as well as the configuration of his/her PC, considered normal to display 2-3 offers. Additionally, the download manager offers the optional installation of a toolbar."

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/19/2024 1:22:01 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Application.Bundler.Firseria.1

5687385

Agnitum Outpost

PUA.Downloader

7.1.1

AhnLab V3 Security

PUP/Win32.Downloader

2015.06.07

Avira AntiVirus

PUA/Firseria.Gen

8.3.1.6

Arcabit

Application.Bundler.Firseria.1

1.0.0.425

avast!

Win32:PUP-gen [PUP]

150602-1

AVG

Adware BundleApp.F

2014.0.4311

Bitdefender

Gen:Application.Bundler.Firseria.1

1.0.20.785

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Trojan.Morstar-1

0.98/20552

Comodo Security

Application.Win32.Bechiro.BDC

22362

Dr.Web

Trojan.DownLoader11.3311

9.0.1.05190

Emsisoft Anti-Malware

Gen:Application.Bundler.Firseria

10.0.0.5366

ESET NOD32

Win32/FirseriaInstaller.C potentially unwanted application

7.0.302.0

F-Prot

W32/A-8323559f

v6.4.7.1.166

F-Secure

Riskware.Gen:Application.Bundler.Firseria

5.14.151

G Data

Gen:Application.Bundler.Firseria

15.6.25

IKARUS anti.virus

not-a-virus:Downloader.Win32.Morstar

t3scan.1.9.5.0

K7 AntiVirus

Unwanted-Program

13.204.16151

Kaspersky

not-a-virus:Downloader.Win32.Morstar

15.0.0.543

Malwarebytes

PUP.Optional.Rapiddown

v2015.06.06.11

MicroWorld eScan

Gen:Application.Bundler.Firseria.1

16.0.0.471

NANO AntiVirus

Trojan.Win32.Morstar.dmpwtr

0.30.24.1636

Norman

Gen:Application.Bundler.Firseria.1

02.06.2015 14:23:46

Panda Antivirus

PUP/Fiseria

15.06.06.11

Quick Heal

TrojanDownloader.Morstar.O3

6.15.14.00

Reason Heuristics

PUP.Installer.RAPIDDOWN

15.6.6.19

Rising Antivirus

PE:PUF.FirseriaInstaller@CV!1.9C54

23.00.65.15604

Sophos

PUA 'Solimba Installer'

5.15

Vba32 AntiVirus

Downloader.Morstar

3.12.26.4

VIPRE Antivirus

Threat.4150696

40830

Zillya! Antivirus

Downloader.Morstar.Win32.3

2.0.0.2209

File size:

172.4 KB (176,488 bytes)

Product version:

3.0.26

Original file name:

inst4ll·3x3

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Solimba DownloadMR

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\bs.player.exe

Digital Signature

Signed by:

RAPIDDOWN

Authority:

DigiCert Inc

Valid from:

11/26/2013 7:00:00 PM

Valid to:

12/1/2014 7:00:00 AM

Subject:

CN=RAPIDDOWN, O=RAPIDDOWN, L=Badalona, S=Barcelona, C=ES

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

02E94F6B0DC7BF53B8B6341C02DE4104

File PE Metadata

Compilation timestamp:

12/30/2013 10:43:44 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:HfwFBn/RRVtCkR495OpHOMnKEUJVBz20OW4Y/T8tEY1:HYFBn/RRVtCcVHrnwJVBztr41

Entry address:

0x60117

Entry point:

60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10... 
[+]

Entropy:

7.8873

Packer / compiler:

ASPack v1.08.04

Code size:

100.5 KB (102,912 bytes)

The file bs.player.exe has been seen being distributed by the following URL.

http://www.download366.com/bsplayer/download/.../401

Remove bs.player.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.