microsoft.net framework.exe

Microsoft .NET Framework

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application microsoft.net framework.exe, “Microsoft .NET Framework AppInstaller” by Apps Installer S.L., has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer, whose download manager pushes adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Apps Installer S.L.  (signed and verified)

Product:
Microsoft .NET Framework

Description:
Microsoft .NET Framework AppInstaller

Version:
3.0.13.0

MD5:
d1359104019720c4dd7571089df5187b

SHA-1:
709858151894ad13f4c5d75349cb8e5a89ac79c7

SHA-256:
f2876d0eacfe1c2df26ffd3e637c13f0104ac5b8fcf3de1c6380f297475dd4d7

Scanner detections:
22 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without permission of the developer) and bundles adware such as toolbars and extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/4/2024 11:40:55 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | PUA.Solimba | 7.1.1 |
| Avira AntiVirus | APPL/Solimba.Gen | 7.11.187.214 |
| avast! | Solimba-C [PUP] | 141119-1 |
| AVG | Adware Skodna.Generic.ALF | 2014.0.4189 |
| Comodo Security | Application.Win32.Solimba.GW | 20143 |
| Dr.Web | Adware.Downware.1125 | 9.0.1.05190 |
| ESET NOD32 | MSIL/Solimba potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/Solimba | 11/20/2014 |
| G Data | NSIS.Application.Solimba | 14.11.24 |
| IKARUS anti.virus | not-a-virus:Downloader.NSIS | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.185.14085 |
| Kaspersky | not-a-virus:AdWare.Win32.Fiseria | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Solimba | v2014.11.20.01 |
| McAfee | Artemis!184A43E8F2EA | 5600.6940 |
| NANO AntiVirus | Riskware.Win32.Solimba.daewcj | 0.28.6.63474 |
| Panda Antivirus | Adware/Solimba | 14.11.20.01 |
| Quick Heal | Downloader.Solimba.r3 (Not a Virus) | 11.14.14.00 |
| Reason Heuristics | PUP.Installer.AppsInstallerSL.X | 14.11.20.13 |
| Rising Antivirus | PE:PUF.FirseriaInstaller@CV!1.5C42 | 23.00.65.141118 |
| Sophos | Solimba Installer | 4.98 |
| Vba32 AntiVirus | Signed-Downware.Morstar.AppsInstallerSL | 3.12.26.3 |
| VIPRE Antivirus | Threat.4782980 | 34948 |

File size:
238.1 KB (243,800 bytes)

Copyright:
AppInstaller 2013 (131781126)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\My documents\downloads\microsoft.net framework.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/19/2013 5:30:00 AM

Valid to:
2/20/2015 5:29:59 AM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
2/19/2012 8:31:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
6144:DsaocyLCFNx+/8thiwMmNCGFyK4SBFJ5UvnYSVhx//vb321JEU3TCG:Dtobc+ktIwLPFHt16gSVT3bmWG

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Entropy:
7.6631

Code size:
34.5 KB (35,328 bytes)

The file microsoft.net framework.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/41691582/launch
