hack tool.exe

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application hack tool.exe by Apps Installer S.L. has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download1629.mediafire.com. While running, it connects to the Internet address cdn.solimba.com on port 80 using the HTTP protocol.

Publisher:
Appsinstall   (signed by Apps Installer S.L.)

Description:
setup manager

Version:
3.1.12

MD5:
78b5011fad4b79187a7a11b9417cc3eb

SHA-1:
7abfdeeb8c8dfc70a78c040cb1046c39f68d66b6

SHA-256:
1aca5e9cfbb65c44532be9a6ff8c7a8a135443d32dd5589a15764cd76d113750

Scanner detections:
16 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without permission of the developer) that bundles adware such as toolbars and extensions.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/29/2024 5:15:34 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Firseria | 7.1.1 |
| Avira AntiVirus | APPL/FirseriaH.A.2 | 7.11.152.200 |
| avast! | Win32:Solimba-C [PUP] | 2014.9-140614 |
| AVG | BundleApp | 2015.0.3444 |
| Comodo Security | Application.Win32.Firseria.CJL | 18418 |
| ESET NOD32 | Win32/FirseriaInstaller (variant) | 8.9886 |
| G Data | Win32.Application.Morstar | 14.6.24 |
| Malwarebytes | | v2014.06.14.03 |
| McAfee | Artemis!78B5011FAD4B | 5600.7100 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.czvwwp | 0.28.0.60100 |
| Panda Antivirus | Trj/Genetic.gen | 14.06.14.03 |
| Reason Heuristics | PUP.Installer.AppsInstallerSL.J | 14.8.7.18 |
| Sophos | Solimba Installer | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0601 | 7.2.165 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.0 |
| VIPRE Antivirus | DownloadMR | 29892 |

File size:
493.9 KB (505,704 bytes)

Product version:
3.1.15

Copyright:
copyright © 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\hack tool.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/19/2013 1:00:00 AM

Valid to:
2/20/2015 12:59:59 AM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
5/29/2014 5:26:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:W3ma4bE/SPQHqkdTvL7Ff456p9HKuJC7I:W3b4bEiFCVMaX4I

Entry address:
0xE8DA

Entry point:
E8, 7C, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 60, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 10, E1, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
 

Entropy:
7.6490

Code size:
115.5 KB (118,272 bytes)

The file hack tool.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/19724145/launch
