ccleaner.exe

FIRSERIA, S.L.

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR), a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application ccleaner.exe by FIRSERIA, S.L. has been detected as adware by 21 anti-malware scanners. It is a setup application built on the Solimba DownloadMR installer, which uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. Users of this installer expect to download the free Piriform CCleaner, but before that happens they may be presented with additional offers, mostly potentially unwanted software or adware.
Publisher:
Firseria   (signed by FIRSERIA, S.L.)

Description:
installer

Version:
1.0.0.11

MD5:
20d223984091db2f53afdb33a0d24c48

SHA-1:
d8b183ea4081be9e61f56f9e3679cb4a506e2f73

SHA-256:
e80efa3f565f0c29dbb2c3b9f4180769f3332eff05759f8ac82cf52ab397625d

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 8:51:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Strictor.47092 | 503 |
| AhnLab V3 Security | PUP/Win32.Firseria | 2014.01.05 |
| Avira AntiVirus | APPL/Firseria.Gen | 7.11.123.138 |
| avast! | Win32:Firseria-A [PUP] | 2014.9-150920 |
| AVG | AdInstaller.Firseria | 2016.0.2981 |
| Baidu Antivirus | Adware.Win32.FirseriaInstaller | 4.0.3.15920 |
| Bitdefender | Gen:Variant.Adware.Strictor.47092 | 1.0.20.1315 |
| Dr.Web | Adware.Downware.1433 | 9.0.1.0263 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.47092 | 8.15.09.20.07 |
| ESET NOD32 | Win32/FirseriaInstaller (variant) | 9.9252 |
| F-Secure | Gen:Variant.Adware.Strictor.47092 | 11.2015-20-09_1 |
| G Data | Gen:Variant.Adware.Strictor.47092 | 15.9.22 |
| IKARUS anti.virus | not-a-virus:Downloader.Win32.Morstar | t3scan.2.2.29 |
| Malwarebytes | PUP.Optional.Firseria | v2015.09.20.07 |
| McAfee | Artemis!20D223984091 | 5600.6637 |
| MicroWorld eScan | Gen:Variant.Adware.Strictor.47092 | 16.0.0.789 |
| Reason Heuristics | PUP.Solimba.FIRSERIA.Bundler (M) | 15.9.20.7 |
| Rising Antivirus | PE:PUF.FirseriaInstaller@CV!1.5C42 | 23.00.65.15918 |
| Sophos | Solimba Installer | 4.96 |
| Vba32 AntiVirus | Downloader.Morstar | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25108 |

File size:
164.8 KB (168,760 bytes)

Product version:
1.0.0.11

Copyright:
Copyright 2013

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\m\ccleaner.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/24/2013 2:00:00 AM

Valid to:
7/25/2014 1:59:59 AM

Subject:
CN="FIRSERIA, S.L.", OU=IT, O="FIRSERIA, S.L.", L=Badalona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73C4780FAC0CD497B0778732FB8AF673

File PE Metadata
Compilation timestamp:
10/3/2013 10:57:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:X9evHrrRXqQDRrs23xgWwHLdRFrz2VrN/LM/vhkJzW/4J+eO5PIO0g:X0vLrp9rsTDLdPGNY/vh0zWQJ+X5PIOF

Entry address:
0x7A117

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...
 
Packer / compiler:
ASPack v1.08.04

Code size:
101.5 KB (103,936 bytes)
