editor_0.9.0.rar.exe

Vetaform Developments, s.l.

This file belongs to a Solimba product that may be bundled with additional potentially unwanted programs (PUPs) or may be part of an ad-supported software program. The application editor_0.9.0.rar.exe by Vetaform Developments, s.l. has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Vetaform Developments, s.l.  (signed and verified)

MD5:
93673459750c1eb1dbf22e2bddf7b20b

SHA-1:
6abfe3755dd6cf247eaa1b5d4bbfdc5d3678765c

SHA-256:
dc3d97ee8df62b11edb8191817f37528e755211a5c0bfcba1ab4db6541a221f4

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 10:59:45 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Mplug.39 | 5547725 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Firseria | 2015.05.23 |
| Avira AntiVirus | PUA/Firseria.Gen | 8.3.1.6 |
| avast! | Win32:Solimba-AI [PUP] | 150521-0 |
| AVG | Adware BundleApp_r.AJ | 2014.0.4311 |
| Bitdefender | Gen:Variant.Adware.Mplug.39 | 1.0.20.715 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.12663549 | 0.98/21511 |
| Comodo Security | Application.Win32.Firseria.GH | 22221 |
| Dr.Web | Trojan.DownLoader11.57090 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mplug.39 | 10.0.0.5366 |
| ESET NOD32 | MSIL/Solimba.AK.gen potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Morstar | 5/23/2015 |
| F-Prot | W32/Morstar.E.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Mplug | 5.14.151 |
| G Data | Gen:Variant.Adware.Mplug.39 | 15.5.25 |
| K7 AntiVirus | Trojan | 13.204.16007 |
| Kaspersky | not-a-virus:Downloader.Win32.Morstar | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Firseria | v2015.05.23.10 |
| MicroWorld eScan | Gen:Variant.Adware.Mplug.39 | 16.0.0.429 |
| NANO AntiVirus | Trojan.Win32.Morstar.dmuxrd | 0.30.24.1636 |
| Norman | Solimba.ZMMR | 11.20150523 |
| Panda Antivirus | Trj/Genetic.gen | 15.05.23.10 |
| Quick Heal | Adware.Morstar.A5 | 5.15.14.00 |
| Reason Heuristics | PUP.Solimba.VetaformDevelopments | 15.5.23.10 |
| Rising Antivirus | PE:AdWare.Win32.Kazy.d!1075356767 | 23.00.65.15521 |
| Sophos | PUA 'Solimba Installer' | 5.14 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.4 |
| VIPRE Antivirus | Threat.4150696 | 40432 |
| Zillya! Antivirus | Downloader.Morstar.Win32.331 | 2.0.0.2187 |

File size:
516.4 KB (528,808 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\games\editor_0.9.0.rar.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/22/2014 12:37:59 PM

Valid to:
12/22/2016 12:37:59 PM

Subject:
CN="Vetaform Developments, s.l.", O="Vetaform Developments, s.l.", L=Badalona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11214A840538566C60A8459CC4FF24F6A711

File PE Metadata
Compilation timestamp:
1/23/2015 5:49:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:6cKpDtUTY1crgP7muptXRq0ES2NRMIlhspTU:6cKp2TEcMPXptBq0EhNFfoTU

Entry address:
0xC6AC

Entry point:
E8, AC, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C0, 4C, 42, 00, E8, FE, 15, 00, 00, E8, 7D, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 3F, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 08, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Entropy:
7.7183  (probably packed)

Code size:
107.5 KB (110,080 bytes)
