file_downloader.exe

File Downloader

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application file_downloader.exe, “File Downloader AppInstaller” by Apps Installer S.L., has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer, which relies on the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Apps Installer S.L.  (signed and verified)

Product:
File Downloader

Description:
File Downloader AppInstaller

Version:
3.0.14.1

MD5:
63d50527a56c01544fd259709632121d

SHA-1:
cfa33d2ecc8834e619fa849eb55b2d2529f5c993

SHA-256:
75cc76ebf8abdbda8cd6499dd4859fc3a09db40a1dc5f95c478202971db10dbd

Scanner detections:
10 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without permission of the developer) that bundles adware such as toolbars and extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
5/4/2024 5:38:19 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Solimba.Gen | 7.11.92.132
avast! | Win32:Solimba-C [PUP] | 2014.9-140709
Comodo Security | Application.Win32.Solimba.GW | 16646
Dr.Web | Adware.Downware.1125 | 9.0.1.0190
ESET NOD32 | MSIL/Solimba | 8.8606
McAfee | Artemis!63D50527A56C | 5600.7075
Reason Heuristics | PUP.Installer.AppsInstallerSL.P | 14.8.7.18
Sophos | DownloadMR | 4.91
Trend Micro House Call | TROJ_GEN.F47V0708 | 7.2.190
VIPRE Antivirus | DownloadMR | 19850

File size:
242.2 KB (248,008 bytes)

Copyright:
AppInstaller 2013 (131831020)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\file_downloader.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/18/2013 7:00:00 PM

Valid to:
2/19/2015 6:59:59 PM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
2/19/2012 10:01:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
6144:YsaocyLC/5xfPWaSAG8qsbY94VnALsvW7:Ytobo5xfPWaSLLus

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.6954

Code size:
34.5 KB (35,328 bytes)

The file file_downloader.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/22631175/launch
