home

google chrome.exe

FIRSERIA, S.L.

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR) which is a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application google chrome.exe by FIRSERIA, S.L has been detected as adware by 36 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The installer is marketed through download protals and search ads as Google's Chrome web browser but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
Rapiddown  (signed by FIRSERIA, S.L.)

Description:
DownloaddMger

Version:
1.0.0.27

MD5:
7c6ff173fe20dd50d0a7287afae36fe9

SHA-1:
0d0df2b131780e7f9f95c5d17f4d99fc56395344

SHA-256:
82d80ef0c2e1ca76553f7bb991a3d2bc716b122d9e2d9a02859dd4a28bd435bb

Scanner detections:
36 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/26/2024 5:01:07 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Application.Bundler.Firseria.1
5738457

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.FirseriaInstaller
2015.05.02

Avira AntiVirus
TR/Crypt.ULPM.Gen
7.11.30.172

avast!
Win32:Firseria-A [PUP]
2014.9-150502

AVG
Adware AdInstaller.Firseria
2016.0.3122

Baidu Antivirus
Adware.Win32.FirseriaInstaller
4.0.3.1552

Bitdefender
Gen:Application.Bundler.Firseria.1
1.0.20.610

Bkav FE
W32.HfsAdware
1.3.0.6379

Comodo Security
Application.Win32.Solimba.J
21962

Dr.Web
Trojan.DownLoader11.3153
9.0.1.0122

Emsisoft Anti-Malware
Gen:Application.Bundler.Firseria
9.0.0.4799

ESET NOD32
Win32/FirseriaInstaller.C potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Adware/Sality.MO
5/2/2015

F-Prot
W32/Firseria.C
4.6.5.141

F-Secure
Gen:Application.Bundler.Firseria
11.2015-02-05_7

G Data
Gen:Application.Bundler.Firseria
15.5.25

herdProtect (fuzzy)
variant of simple adblock.exe (Adware)
2015.7.31.15

IKARUS anti.virus
not-a-virus:Downloader.Win32.Morstar
t3scan.1.8.9.0

K7 AntiVirus
Unwanted-Program
13.203.15778

Kaspersky
not-a-virus:Downloader.Win32.Firser
14.0.0.2104

Malwarebytes
PUP.Optional.Firseria
v2015.07.31.03

McAfee
Trojan.Artemis!7C6FF173FE20
16.8.708.2

MicroWorld eScan
Gen:Application.Bundler.Firseria.1
16.0.0.366

NANO AntiVirus
Trojan.Win32.Morstar.csnpwt
0.30.24.1357

Norman
Gen:Application.Bundler.Firseria.1
03.12.2014 13:20:04

Panda Antivirus
Adware/Firseria
15.05.02.04

Quick Heal
Trojandownloader.Morstar.O5
5.15.14.00

Reason Heuristics
Threat.Solimba.Bundler
15.5.1.23

Rising Antivirus
PE:PUF.FirseriaInstaller@CV!1.9C54
23.00.65.15430

Sophos
PUA 'Solimba Installer'
5.13

Trend Micro House Call
Possible_GENBUNDLER.UNP
7.2.122

Trend Micro
Possible_GENBUNDLER.UNP
10.465.02

Vba32 AntiVirus
Downware.Morstar
3.12.26.3

VIPRE Antivirus
Threat.4782980
29708

Zillya! Antivirus
Downloader.Morstar.Win32.11
2.0.0.1838

File size:
172.8 KB (176,952 bytes)

Product version:
3.0.26

Copyright:
copyright·©·2013

Original file name:
¡nstal·exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\{random}\google%20chrome.exe

Digital Signature
Signed by:
FIRSERIA, S.L.

Authority:
Thawte, Inc.

Valid from:
7/23/2013 7:00:00 PM

Valid to:
7/24/2014 6:59:59 PM

Subject:
CN="FIRSERIA, S.L.", OU=IT, O="FIRSERIA, S.L.", L=Badalona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73C4780FAC0CD497B0778732FB8AF673

File PE Metadata
Compilation timestamp:
12/20/2013 5:22:50 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:GXhaoP7Ddc4kJ5sXegDChJo8p8+EOjBPD3hSEE9TCcGZflRJueUhVQqWKBGoutb5:Bf5gtCh2dLOjBT8E2fG1l3jcwKMoSJL

Entry address:
0x62F90

Entry point:
60, BE, 00, F0, 43, 00, 8D, BE, 00, 20, FC, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 1A, 03, 06, 00, 57, 83, C3, 04, 53, 68, 86, 3F, 02, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
[+]

Code size:
148 KB (151,552 bytes)

Remove google chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.