prezi desktop.exe

SETUPPROCESS

This is a Solimba installer that bundles additional offers, mostly adware and assorted unwanted PC utilities. The application prezi desktop.exe, published by SETUPPROCESS, has been detected as adware by 34 of 68 anti-malware scanners. The program is a setup stub built on the Solimba DownloadMR installer, which uses the Solimba download manager to push adware offers during the download and setup process; the bundled offers include search and shopping web browser toolbars. The file has been seen being downloaded from www.pc-file.info. While running, it connects to cdn.solimba.com and api.downloadmr.com over plain HTTP on port 80, so the offer traffic is visible in cleartext to any proxy or network sensor on the path. Two details matter when triaging a copy: the binary is UPX-packed (see the packer field and the entry-point bytes below; overall entropy 7.6965), and it carries an Authenticode signature from a DigiCert-issued code-signing certificate for SETUPPROCESS (Badalona, Spain) that was valid only from 11/26/2013 to 12/1/2014. A signature that verified at the time says nothing about whether the software is wanted, and the name the file is downloaded under (prezi desktop.exe) does not match the original file name embedded in its version resource (intaller.exe).
Publisher:
Rapiddown  (signed by SETUPPROCESS)

Description:
Setup Manager

Version:
1.0.0.40

MD5:
731a698c0e61ba46f1b136c4f1c8d702

SHA-1:
0d9d2dd16d85753fe9b08dd3b7ca5680dee333db

SHA-256:
dde41346007964498d7bf19654fd562482681531748d4ef12eeb78344bc6e1a5

Scanner detections:
34 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 8:00:51 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Application.Bundler.Firseria.1 | 5675218
Agnitum Outpost | PUA.Downloader | 7.1.1
AhnLab V3 Security | PUP/Win32.Rapiddown | 2015.06.05
Avira AntiVirus | PUA/Firseria.Gen | 8.3.1.6
Arcabit | Application.Bundler.Firseria.1 | 1.0.0.425
avast! | PUP-gen [PUP] | 150602-1
AVG | Luhe.Fiha.A | 2016.0.3088
Bitdefender | Gen:Application.Bundler.Firseria.1 | 1.0.20.780
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Trojan.Morstar-7 | 0.98/20551
Comodo Security | Application.Win32.Bechiro.BDC | 22340
Dr.Web | Trojan.DownLoader11.3502 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Application.Bundler.Firseria | 10.0.0.5366
ESET NOD32 | Win32/FirseriaInstaller.C potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Adware/Firseria | 6/5/2015
F-Prot | W32/Firseria.D | 4.6.5.141
F-Secure | Riskware.Gen:Application.Bundler.Firseria | 5.14.151
G Data | Gen:Application.Bundler.Firseria | 15.6.25
K7 AntiVirus | Unwanted-Program | 13.204.16146
Kaspersky | not-a-virus:AdWare.Win32.Fiseria | 15.0.0.543
Malwarebytes | PUP.Optional.Rapiddown | v2015.06.05.02
MicroWorld eScan | Gen:Application.Bundler.Firseria.1 | 16.0.0.468
NANO AntiVirus | Trojan.Win32.Morstar.doqeiu | 0.30.24.1636
Norman | Gen:Application.Bundler.Firseria.1 | 02.06.2015 14:23:46
nProtect | Trojan-Clicker/W32.Fiseria.250224 | 15.06.04.01
Panda Antivirus | Trj/Genetic.gen | 15.06.05.02
Quick Heal | PUA.Fiseria.DC3 | 6.15.14.00
Reason Heuristics | PUP.Solimba.Bundler | 15.6.4.21
Sophos | PUA 'Solimba Installer' | 5.15
Trend Micro House Call | TROJ_SPNR.15BG15 | 7.2.156
Trend Micro | TROJ_SPNR.15BG15 | 10.465.05
Vba32 AntiVirus | Downloader.Morstar | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 40838
Zillya! Antivirus | Downloader.Morstar.Win32.13 | 2.0.0.2206

File size:
244.4 KB (250,224 bytes)

Product version:
3.0.28.1

Copyright:
Copyright-©-2014

Original file name:
intaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\prezi desktop.exe

Digital Signature
Signed by:
SETUPPROCESS
Authority:
DigiCert Inc

Valid from:
11/26/2013 6:00:00 PM

Valid to:
12/1/2014 6:00:00 AM

Subject:
CN=SETUPPROCESS, O=SETUPPROCESS, L=Badalona, S=Barcelona, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0A8ABFC7C80D0C2F0A3A89CF6139A91D

File PE Metadata
Compilation timestamp:
1/22/2014 9:04:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:HUevXwS6tjih6eiXW6w/k1fKDjXiV7JXHZ1OP14v:0awS0ji3ixXfKK7BHu4v

Entry address:
0x711A0

Entry point:
60, BE, 00, F0, 43, 00, 8D, BE, 00, 20, FC, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.6965

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
204 KB (208,896 bytes)
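The PE metadata above (compile timestamp, linker 10.0, Windows GUI subsystem, entry address 0x711A0, the pushad/mov esi/lea edi prologue at the entry point, entropy 7.6965, UPX packer) is what a triage script can check without running the sample. The following is an added example, not code from the report or from Reason Core Security: a stdlib-only Python triage that hashes a file, parses the PE32 header fields listed here, maps the entry RVA to a file offset, and applies two independent packer signals (whole-file entropy and a wildcarded UPX stub pattern at the entry point). Since the real sample is not reproduced here, the script builds a constructed in-memory PE32 whose header values mirror the report's; the section layout, the 7.0 entropy threshold and all helper names are assumptions.

```python
import hashlib, math, random, re, struct
from collections import Counter
from datetime import datetime, timezone

# From the report: SHA-256 of prezi desktop.exe and the first bytes at its entry point.
KNOWN_SHA256 = "dde41346007964498d7bf19654fd562482681531748d4ef12eeb78344bc6e1a5"
ENTRY_BYTES_FROM_REPORT = bytes.fromhex("60BE00F043008DBE0020FCFF57EB0B90")
# Those bytes decode to the UPX decompressor prologue: pushad / mov esi,<packed> /
# lea edi,[esi+delta] / push edi / jmp short. The two immediates differ per binary,
# so the detector wildcards them instead of matching the report's literal values.
UPX_STUB = re.compile(rb"\x60\xBE.{4}\x8D\xBE.{4}\x57\xEB", re.DOTALL)
PACKED_ENTROPY_THRESHOLD = 7.0  # assumption: common cut-off for compressed/encrypted images
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def compute_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(data: bytes) -> dict:
    """Read the PE32 header fields the report lists; raises on anything that is not PE32."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff, opt = pe_off + 4, pe_off + 24
    _, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    magic, lmaj, lmin, _, _, _, entry_rva = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, raw_size, raw_ptr))
    # Translate the entry RVA into a file offset via the section that contains it.
    entry_offset = next((entry_rva - va + raw_ptr for _, va, vsize, raw_size, raw_ptr in sections
                         if va <= entry_rva < va + max(vsize, raw_size)), None)
    return {
        # COFF timestamps are attacker-controlled; a plausible date is a hint, not evidence.
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lmaj}.{lmin}", "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva, "entry_offset": entry_offset,
        "section_names": [s[0] for s in sections],
    }


def triage(data: bytes) -> dict:
    """Hash lookup plus two independent packer signals (entropy and UPX stub at entry)."""
    pe = parse_pe(data)
    off = pe["entry_offset"]
    entry = data[off:off + 16] if off is not None else b""
    entropy = shannon_entropy(data)
    pe.update(
        known_sample=compute_hashes(data)["sha256"] == KNOWN_SHA256,
        entropy=round(entropy, 4),
        packed_by_entropy=entropy > PACKED_ENTROPY_THRESHOLD,
        upx_section_names=[n for n in pe["section_names"] if n.startswith("UPX")],
        upx_stub_at_entry=UPX_STUB.match(entry) is not None,
    )
    return pe


def build_sample_pe() -> bytes:
    """Constructed UPX-style PE32 mirroring the report's header values (not the real file)."""
    ts = int(datetime(2014, 1, 22, 9, 4, 11, tzinfo=timezone.utc).timestamp())
    entry_rva = 0x711A0  # from the report
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, ts, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 10, 0,  # PE32, linker 10.0
                      0x33000, 0x1000, 0x40000, entry_rva, 0x41000, 0x72000, 0x400000, 0x1000, 0x200,
                      5, 1, 0, 0, 5, 1,  # OS 5.1 / subsystem version 5.1
                      0, 0x73000, 0x400, 0, 2, 0,  # SizeOfImage, SizeOfHeaders, checksum, Windows GUI
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16) + bytes(128)  # 16 empty data dirs
    sec = "<8sIIIIIIHHI"
    sections = (struct.pack(sec, b"UPX0", 0x40000, 0x1000, 0, 0x400, 0, 0, 0, 0, 0xE0000080)
                + struct.pack(sec, b"UPX1", 0x31000, 0x41000, 0x30400, 0x400, 0, 0, 0, 0, 0xE0000040)
                + struct.pack(sec, b".rsrc", 0x1000, 0x72000, 0x200, 0x30800, 0, 0, 0, 0, 0xC0000040))
    headers = (dos + b"PE\0\0" + coff + opt + sections).ljust(0x400, b"\0")
    # Packed body: deterministic pseudo-random filler (high entropy) with the stub at the entry RVA.
    body = bytearray(random.Random(7).randbytes(0x30400))
    entry_off = entry_rva - 0x41000  # offset inside UPX1's raw data
    body[entry_off:entry_off + len(ENTRY_BYTES_FROM_REPORT)] = ENTRY_BYTES_FROM_REPORT
    return headers + bytes(body) + bytes(0x200)  # .rsrc filler


SAMPLE_PE = build_sample_pe()

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PE).items():
        print(f"{key:>18}: {value}")
```

On a real copy, replace SAMPLE_PE with the file's bytes; a hash match settles identity, while the entropy and stub signals flag repacked variants that share the loader but not the hash. The entry-point pattern is deliberately looser than the report's literal bytes because the two 32-bit immediates depend on the packed image size.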

The file prezi desktop.exe has been seen being distributed from www.pc-file.info.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)
URL: http://api.downloadmr.com/installer/67916166/launch
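Because both connections are plain HTTP on port 80, the two hostnames, the two IPs and the launch URL above are directly usable as detection content on a proxy or Zeek-style HTTP log. The following is an added example, not code from the report: a small Python matcher that parses log records, checks each against the report's network indicators, and additionally flags other `/installer/<numeric id>/launch` requests to api.downloadmr.com as a lower-confidence pattern hit. The log format, the field names, the sample records and the assumption that other DownloadMR campaigns reuse that path shape are all constructed for this example; the hostnames, IPs and the one URL are the report's own.

```python
import ipaddress
import re
from typing import Iterable, Optional

# From the report: hosts contacted over port 80 and the one URL recorded.
IOC_DOMAINS = {"cdn.solimba.com", "api.downloadmr.com"}
IOC_IPS = {ipaddress.ip_address("95.211.6.35"), ipaddress.ip_address("95.211.39.161")}
IOC_URLS = {"http://api.downloadmr.com/installer/67916166/launch"}
# Assumption (not stated in the report): other DownloadMR campaigns use the same path
# shape with a different numeric id, so that shape on a known domain is a pattern hit.
LAUNCH_PATH = re.compile(r"^/installer/\d+/launch$")

# Assumed log format: "<ts> <src_ip:port> -> <dst_ip>:<port> host=<h> method=<m> uri=<u>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)"
    r"\s+host=(?P<host>\S+)\s+method=(?P<method>\S+)\s+uri=(?P<uri>\S+)$"
)

# Constructed sample records: two true positives, one benign request, one IP-only hit
# (CONNECT without a Host header), one pattern hit with a different id, one malformed line.
SAMPLE_LOG = """\
2015-06-05T10:00:00Z 10.0.0.5:49152 -> 95.211.6.35:80 host=cdn.solimba.com method=GET uri=/
2015-06-05T10:00:01Z 10.0.0.5:49153 -> 95.211.39.161:80 host=api.downloadmr.com method=GET uri=/installer/67916166/launch
2015-06-05T10:00:02Z 10.0.0.5:49154 -> 203.0.113.10:80 host=example.org method=GET uri=/
2015-06-05T10:00:03Z 10.0.0.5:49155 -> 95.211.39.161:80 host=- method=CONNECT uri=-
2015-06-05T10:00:04Z 10.0.0.5:49156 -> 95.211.39.161:80 host=API.DOWNLOADMR.COM method=GET uri=/installer/1/launch
this line is not in the expected format
"""


def parse_line(line: str) -> Optional[dict]:
    """One record per line; hostnames are normalised (case, trailing dot, '-' for absent)."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["host"] = "" if rec["host"] == "-" else rec["host"].lower().rstrip(".")
    return rec


def match_iocs(rec: dict) -> list:
    """Indicator labels this record matches, from the broadest (domain) to the most specific."""
    hits = []
    if rec["host"] in IOC_DOMAINS:
        hits.append(f"domain:{rec['host']}")
    try:
        if ipaddress.ip_address(rec["dst_ip"]) in IOC_IPS:
            hits.append(f"ip:{rec['dst_ip']}")
    except ValueError:
        pass  # unparsable destination: nothing to compare against
    if rec["host"]:
        url = f"http://{rec['host']}{rec['uri']}"
        if url in IOC_URLS:
            hits.append(f"url:{url}")
        elif rec["host"] in IOC_DOMAINS and LAUNCH_PATH.match(rec["uri"]):
            hits.append("pattern:downloadmr-launch")
    return hits


def scan(lines: Iterable[str]) -> list:
    """Records with at least one hit, keyed by 1-based line number; malformed lines are skipped."""
    results = []
    for lineno, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue
        hits = match_iocs(rec)
        if hits:
            results.append({"line": lineno, "ts": rec["ts"], "dst": f"{rec['dst_ip']}:{rec['dst_port']}",
                            "host": rec["host"], "indicators": hits})
    return results


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

The IP-only record matters in practice: a CONNECT tunnel or a request with a missing Host header still lands on 95.211.39.161, so the destination address is matched independently of the hostname rather than only when both agree.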

Remove prezi desktop.exe - Powered by Reason Core Security