s6521.exe

Setup III.I.XXIII

Bechiro sl

This file belongs to a Solimba product that may be bundled with additional potentially unwanted programs (PUPs) or may be part of an ad-supported software program. The application s6521.exe by Bechiro sl has been detected as adware by 10 anti-malware scanners. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file is typically executed from the user's temporary directory.
Publisher:
Apps Install  (signed by Bechiro sl)

Product:
Setup III.I.XXIII

Description:
Apps Helper

Version:
3.1.23

MD5:
de5c4ed5ba45abadbcc0861912fe89a1

SHA-1:
80bd4759952944735e0c82bcc00aa15516e95a90

SHA-256:
e143ac3ab06b1ffdaaca5f025564a7a7a57ac10ca5cb83fdfcc4527dfdf396a2

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
5/3/2024 1:45:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2015.0.3270 |
| Baidu Antivirus | Adware.MSIL.Solimba | 4.0.3.14124 |
| Comodo Security | Application.Win32.Firseria.MAP | 19597 |
| ESET NOD32 | MSIL/Solimba.AC potentially unwanted application | 8.7.0.302.0 |
| G Data | Win32.Adware.Solimba | 14.9.24 |
| herdProtect (fuzzy) | | 2014.12.4.19 |
| IKARUS anti.virus | PUA.MSIL.Solimba | t3scan.1.7.8.0 |
| Malwarebytes | PUP.Optional.Firseria | v2014.12.04.02 |
| Reason Heuristics | PUP.Installer.Bechirosl.F | 14.10.1.11 |
| VIPRE Antivirus | Threat.4782980 | 33120 |

File size:
343 KB (351,280 bytes)

Product version:
3.1.23

Copyright:
All rights reserved © 2014

Original file name:
dmr.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\s6521.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
8/1/2014 9:25:57 AM

Valid to:
8/1/2016 9:25:57 AM

Subject:
CN=Bechiro sl, O=Bechiro sl, L=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112137190C5DFED5E171B34698C4D7367405

File PE Metadata
Compilation timestamp:
9/19/2014 5:00:39 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:MZMWdM2IR+1t6g1nFrxCPNfVIbkYaEwnlgI3:M+2GEHUVlREwlf3

Entry address:
0x51CC2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.6865

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
319.5 KB (327,168 bytes)
