photoscape.exe

PhotoScape

Bechiro S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities, with the software the user asked for. The application photoscape.exe, "PhotoScape AppInstaller" by Bechiro S.L., has been detected as adware by 21 of 68 anti-malware scanners. The program is a setup application built on the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Bechiro S.L.  (signed and verified)

Product:
PhotoScape

Description:
PhotoScape AppInstaller

Version:
3.0.15.2

MD5:
34b292251c423c90237f094f2c9ea574

SHA-1:
b85590b45da8437e9e4bac952d8018484cf3ca4e

SHA-256:
8ed7148cc3d2824a6596a7f6f259d7aaad113bc6bac0a562b45457fb2439e015

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/27/2024 12:52:52 AM UTC
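To reproduce the hashes above or pivot on them in your own feeds, here is an added triage helper; it is not part of this listing or of Reason Core Security's tooling. It hashes a file in a single pass with all three algorithms and reports which of the listed values match. The IOC dictionary is copied from this page; the function names, the KNOWN_BAD mapping and the hashlib-based approach are this example's own assumptions.

```python
import hashlib

# Hashes copied from the listing above for photoscape.exe. SHA-256 is the value to
# pivot on; MD5 and SHA-1 are kept only because older feeds still index by them.
PHOTOSCAPE_IOC = {
    "md5": "34b292251c423c90237f094f2c9ea574",
    "sha1": "b85590b45da8437e9e4bac952d8018484cf3ca4e",
    "sha256": "8ed7148cc3d2824a6596a7f6f259d7aaad113bc6bac0a562b45457fb2439e015",
}

# Assumed local verdict table, keyed on SHA-256 only (MD5/SHA-1 are collision-prone).
KNOWN_BAD = {
    PHOTOSCAPE_IOC["sha256"]: "Solimba/DownloadMR bundler (photoscape.exe)",
}


def hash_chunks(chunks) -> dict:
    """Feed every chunk to MD5, SHA-1 and SHA-256 in one pass; return hex digests."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (tests, captured payloads)."""
    return hash_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file from disk so large samples do not have to fit in memory."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def match_iocs(hashes: dict, ioc: dict = PHOTOSCAPE_IOC) -> list:
    """Return the algorithms on which `hashes` agrees with `ioc` (case-insensitive)."""
    return [alg for alg, value in ioc.items()
            if hashes.get(alg, "").lower() == value.lower()]


def verdict(hashes: dict) -> str:
    """Only a SHA-256 hit counts as a confirmed match; anything else is 'unknown'."""
    return KNOWN_BAD.get(hashes.get("sha256", "").lower(), "unknown")


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(path, digests["sha256"], match_iocs(digests), verdict(digests))
```

Run it as `python triage.py C:\Users\{user}\Downloads\photoscape.exe` (the script name is arbitrary); a file that only matches on MD5 or SHA-1 should be treated as a lead to investigate, not as a confirmed sample.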

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Solimba | 7.1.1
Avira AntiVirus | PUA/Solimba.Gen | 8.3.1.6
avast! | Morstar-U [PUP] | 2014.9-160212
AVG | Adware Skodna.Generic | 2017.0.2836
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.Solimba.L | 22338
Dr.Web | Adware.Downware.1302 | 9.0.1.043
ESET NOD32 | MSIL/Solimba potentially unwanted application | 10.7.0.302.0
Fortinet FortiGate | Adware/Solimba | 2/12/2016
G Data | Win32.Application.Solimba | 16.2.25
K7 AntiVirus | Unwanted-Program | 13.204.16146
Kaspersky | not-a-virus:Downloader.Win32.Solimba | 14.0.0.675
Malwarebytes | PUP.Optional.Solimba | v2016.02.12.12
NANO AntiVirus | Trojan.Win32.DownLoad3.daevxj | 0.30.24.1636
Panda Antivirus | Adware/Firseria | 16.02.12.12
Quick Heal | PUA.Bechirosl.Gen | 2.16.14.00
Reason Heuristics | PUP.Solimba.Bechiro.Bundler (M) | 16.2.12.0
Rising Antivirus | PE:PUF.FirseriaInstaller@CV!1.5C42 | 23.00.65.16210
Sophos | PUA 'Solimba Installer' | 5.15
Vba32 AntiVirus | Signed-Downware.Morstar.BechiroSL | 3.12.26.4
VIPRE Antivirus | Threat.4782980 | 40830

File size:
276.5 KB (283,152 bytes)

Copyright:
AppInstaller 2013 (131951638)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\photoscape.exe

Digital Signature
Signed by:
Bechiro S.L.
Authority:
Thawte, Inc.

Valid from:
6/12/2012 9:00:00 PM

Valid to:
6/13/2014 8:59:59 PM

Subject:
CN=Bechiro S.L., OU=Devel, O=Bechiro S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
738DCAC697C06E1B89D106073773010D

File PE Metadata
Compilation timestamp:
2/19/2012 12:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
6144:0saocyLCj95yAFzusfnnz89QPiScc0cT9oWUaaG:0toboLyMaPSixPG9

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 

Code size:
34.5 KB (35,328 bytes)

The file photoscape.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)
URL: http://api.downloadmr.com/installer/198658527/launch
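The hostnames, addresses and launch URL above are the network indicators worth alerting on. As an added example, not taken from this page or from Reason Core Security, the following detector runs those indicators over proxy log lines. The log format (timestamp, client, method, target, server IP, space-separated) and the sample lines are constructed for the example; the `/installer/<id>/launch` pattern generalises the single URL on this page to any installer id, which is an assumption about how the API is laid out.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the listing above.
SOLIMBA_HOSTS = {"cdn.solimba.com", "api.downloadmr.com"}
SOLIMBA_IPS = {"95.211.6.35", "95.211.39.161"}
# Assumed generalisation of http://api.downloadmr.com/installer/198658527/launch
LAUNCH_BEACON = re.compile(r"^/installer/\d+/launch$")

# Constructed proxy log lines: "<ts> <client> <method> <target> <server_ip>". Not real traffic.
SAMPLE_LOG = """\
2024-04-27T00:50:01Z 10.0.0.12 GET http://api.downloadmr.com/installer/198658527/launch 95.211.39.161
2024-04-27T00:50:03Z 10.0.0.12 GET http://cdn.solimba.com/offers/bundle.xml 95.211.6.35
2024-04-27T00:50:09Z 10.0.0.12 GET http://example.com/index.html 93.184.216.34
2024-04-27T00:51:00Z 10.0.0.40 CONNECT 95.211.6.35:443 95.211.6.35
"""


def split_target(target: str):
    """Return (host, path) for a full URL or a bare host:port CONNECT target."""
    if "://" in target:
        parts = urlsplit(target)
        return (parts.hostname or "").lower(), parts.path
    return target.rsplit(":", 1)[0].lower(), ""


def classify(line: str):
    """Return a hit record for a log line that touches a Solimba indicator, else None."""
    fields = line.split()
    if len(fields) != 5:
        return None
    ts, client, _method, target, server_ip = fields
    host, path = split_target(target)
    reasons = []
    if host in SOLIMBA_HOSTS:
        reasons.append(f"host {host}")
    if server_ip in SOLIMBA_IPS:
        reasons.append(f"ip {server_ip}")
    if host == "api.downloadmr.com" and LAUNCH_BEACON.match(path):
        reasons.append("installer launch beacon")
    if not reasons:
        return None
    return {"ts": ts, "client": client, "target": target, "reasons": reasons}


def scan_log(text: str) -> list:
    return [hit for hit in (classify(line) for line in text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["client"], hit["target"], ", ".join(hit["reasons"]))
```

Hostname and beacon-path matches are the strong signals; an address-only match (the CONNECT line in the sample) is weaker, since hosting addresses are reassigned over time, and the lead from it is "which host was the client talking to", not a verdict.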

Powered by Reason Core Security