file_downloader.exe

installation manager

Firseria

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR), a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application file_downloader.exe by Firseria has been detected as adware by 28 anti-malware scanners. It is a setup application that uses the Solimba DownloadMR installer to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Firseria SL (signed by Firseria)

Product:
installation manager

Description:
installer_setup

Version:
3.1.14.2

MD5:
af277583f13dd3fd3c84a3fc59c9c9b1

SHA-1:
3370da992e5c655a20aa7ef88f1745857c6a0760

SHA-256:
1f3a3090c6eb9517feda7caee89c91e9d5405190c1de14956ba21dcce1457d7a

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/16/2024 1:06:53 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.Firseria.I
885

AhnLab V3 Security
PUP/Win32.Firseria
2014.09.02

Avira AntiVirus
APPL/Bundler.Firseria.I
7.11.170.148

avast!
Win32:Firseria-C [PUP]
140813-1

AVG
Adware BundleApp.GE
2014.0.4015

Baidu Antivirus
Adware.Win32.Fiseria
4.0.3.1492

Bitdefender
Application.Bundler.Firseria.I
1.0.20.1225

Comodo Security
Application.Win32.Firseria.ATWO
19398

Dr.Web
Adware.Downware.6176
9.0.1.05190

Emsisoft Anti-Malware
Application.Downloader
9.0.0.4324

ESET NOD32
Win32/FirseriaInstaller.O potentially unwanted application
7.0.302.0

F-Prot
W32/A-878c47bb
v6.4.7.1.166

F-Secure
Application.Bundler.Firseria
11.2014-02-09_3

G Data
Application.Bundler.Firseria
14.9.24

IKARUS anti.virus
PUA.Solimba
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13247

Kaspersky
not-a-virus:AdWare.Win32.Fiseria
15.0.0.494

Malwarebytes
PUP.Optional.Firseria
v2014.09.02.04

MicroWorld eScan
Application.Bundler.Firseria.I
15.0.0.735

NANO AntiVirus
Riskware.Win32.Fiseria.dcjigc
0.28.2.61942

nProtect
Trojan-Clicker/W32.Fiseria.553376
14.09.02.01

Panda Antivirus
Trj/Genetic.gen
14.09.02.04

Quick Heal
Adware.Firseria.A5
9.14.14.00

Reason Heuristics
PUP.Installer.Firseria.P
14.9.2.15

Sophos
Solimba Installer
4.98

Vba32 AntiVirus
Downware.Morstar
3.12.26.3

VIPRE Antivirus
Threat.4150696
32210

Zillya! Antivirus
Adware.Fiseria.Win32.420
2.0.0.1908

File size:
540.4 KB (553,376 bytes)

Product version:
3.1.18

Copyright:
copyright © 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/11/2013 7:34:44 PM

Valid to:
11/12/2014 7:34:44 PM

Subject:
E=support@solimba.com, CN=Firseria, O=Firseria, L=Badalona, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130C3B28D7C9C29B8B07321EF3F8A1462

File PE Metadata
Compilation timestamp:
6/29/2014 5:41:36 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:yxLzMJ8JozBYfw6z7O90dSatRrT88pnWis82:yxsJ8JoqfzXA03PRTs82

Entry address:
0xF48C

Entry point:
E8, 9A, 77, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, D8, F3, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 6C, F0, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 64, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
Entropy:
7.3485

Code size:
118.5 KB (121,344 bytes)