» installer5.exe
Overview
Analysis
File Details
Network (2)

installer5.exe

Installer VI

Bechiro S.L.

This is the Solimba installer program that will bundle additional offers mostly including adware and various unwanted PC utilities. The application installer5.exe by Bechiro S.L has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. It is also typically executed from the user's temporary directory.

File name:

installer5.exe

Publisher:

installer (signed by Bechiro S.L.)

Product:

Installer VI

Description:

installer

Version:

3.0.16

MD5:

029162f299af12e48fc5ffde104766e2

SHA-1:

467b9336af5aec76cbb548ece146cd2d7b4e1264

SHA-256:

28e778a7e5f91d27cf37e7ed8624adb8e9f33d7d12d64ed6420b5345052591b0

Scanner detections:

9 / 68

Status:

Adware

Explanation:

Uses the Solimba installer to bundle adware offers.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/26/2024 9:51:50 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Solimba

7.1.1

AVG

MalSign.Bechiro SL

2015.0.3436

Comodo Security

Application.Win32.Solimba.L

18170

ESET NOD32

MSIL/Solimba

8.9726

K7 AntiVirus

Trojan

13.176.11896

Malwarebytes

PUP.Optional.Solimba

v2014.06.22.04

Reason Heuristics

PUP.Installer.BechiroSL.K

14.8.8.2

Sophos

Solimba Installer

4.98

VIPRE Antivirus

DownloadMR

28606

File size:

215.3 KB (220,512 bytes)

Product version:

3.0.16

Original file name:

installer5.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Solimba DownloadMR

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\installer5.exe

Digital Signature

Signed by:

Bechiro S.L.

Authority:

Thawte, Inc.

Valid from:

6/13/2012 3:00:00 AM

Valid to:

6/14/2014 2:59:59 AM

Subject:

CN=Bechiro S.L., OU=Devel, O=Bechiro S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

738DCAC697C06E1B89D106073773010D

File PE Metadata

Compilation timestamp:

7/22/2013 5:34:07 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:CDsvqBa8e7G39JPeepCbyGHyWqTW6h9EZLgee3Br:CDsvq8899zCEh9U4

Entry address:

0x3664A

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

7.7878

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

210 KB (215,040 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to a23-13-171-27.deploy.static.akamaitechnologies.com (23.13.171.27:80)

TCP (HTTP):

Connects to a173-223-205-80.deploy.static.akamaitechnologies.com (173.223.205.80:80)

Remove installer5.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.