ccleaner.exe

Firseria

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR), a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application ccleaner.exe, “Application Installer” by Firseria, has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. During installation, it installs bundled potentially unwanted software on the user's computer without adequate consent. The installer is marketed through download portals and search ads as the free Piriform CCleaner, but it will also install additional software offers, which include adware, PUPs and browser toolbars.
Publisher:
Appsinstaller  (signed by Firseria)

Description:
Application Installer

Version:
3.1.3

MD5:
f952d36f82447121d068d9fa37fc7fc0

SHA-1:
6aadd03bb5998af1a68b7e26335d16b6b5d70265

SHA-256:
379024aef1209b84f234af7c523b90aadc7c1dc003888da59294c5ad34952f7d

Scanner detections:
29 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/26/2024 10:12:30 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Firseria.A | 836 |
| Agnitum Outpost | PUA.Firseria | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Firseria | 2014.10.23 |
| Avira AntiVirus | APPL/Firseria.A.46 | 7.11.180.138 |
| avast! | Win32:PUP-gen [PUP] | 141003-0 |
| AVG | Adware BundleApp.AJ | 2014.0.4040 |
| Bitdefender | Application.Bundler.Firseria.A | 1.0.20.1475 |
| Clam AntiVirus | Win.Adware.Agent-7596 | 0.98/21411 |
| Comodo Security | Application.Win32.Firseria.NKP | 19871 |
| Dr.Web | Adware.Downware.2225 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.Firseria | 14.10.22 |
| ESET NOD32 | Win32/FirseriaInstaller.F potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.1485241 | 10/22/2014 |
| F-Prot | W32/Morstar.A.gen | v6.4.7.1.166 |
| F-Secure | Application.Bundler.Firseria | 11.2014-22-10_4 |
| G Data | Application.Bundler.Firseria | 14.10.24 |
| IKARUS anti.virus | PUA.FirseriaInstaller | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.184.13741 |
| Kaspersky | not-a-virus:AdWare.Win32.Fiseria | 15.0.0.494 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.10.22.08 |
| MicroWorld eScan | Application.Bundler.Firseria.A | 15.0.0.885 |
| NANO AntiVirus | Riskware.Win32.Downware.cvyseb | 0.28.2.62841 |
| nProtect | Trojan-Clicker/W32.Fiseria.300264 | 14.10.21.01 |
| Reason Heuristics | PUP.Installer.Firseria.I | 14.10.22.8 |
| Sophos | Solimba Installer | 4.98 |
| SUPERAntiSpyware | Adware.BundleInstaller/Variant | 10284 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |
| VIPRE Antivirus | Threat.4782980 | 33706 |
| Zillya! Antivirus | Adware.Fiseria.Win32.17 | 2.0.0.1962 |

File size:
293.2 KB (300,264 bytes)

Product version:
3.1.1

Copyright:
Copyright © 2014

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\ccleaner.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/11/2013 1:34:44 PM

Valid to:
11/12/2014 1:34:44 PM

Subject:
E=support@solimba.com, CN=Firseria, O=Firseria, L=Badalona, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130C3B28D7C9C29B8B07321EF3F8A1462

File PE Metadata
Compilation timestamp:
3/6/2014 1:11:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:A5uRH38i5OBwdmR62zdpuQtv3NxjMjtG6ZLlYBj:A0RH3nCwdmR62Vv3NuLZLlYBj

Entry address:
0xE4B9

Entry point:
E8, CD, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 78, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 24, E1, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
 

Code size:
115 KB (117,760 bytes)
