s7338.exe

Installer

Condestil Developments s.l.

This file belongs to a Solimba product that may be bundled with additional PUPs or be part of an ad-supported software program. The application s7338.exe, published by Condestil Developments s.l., has been detected as adware by 18 of 68 anti-malware scanners. It is a setup application built on the Solimba DownloadMR installer, which uses the Solimba download manager to push adware offers during the download and setup process; the bundled adware includes search and shopping browser toolbars. The executable is UPX-packed (entropy 7.88) and carries an Authenticode signature issued by Thawte to Condestil Developments s.l., so a trusted code-signing certificate on its own is not evidence that the installer is benign. While running, it connects to www.ibbalance.com on port 443 and to www.softologic.com on port 80 (see the network section below).
Publisher:
Apps·Install (signed by Condestil Developments s.l.)

Product:
Installer

Description:
install manager

Version:
1, 0, 19, 0

MD5:
1e7584f959f2dd378dfafd4ee9ceb60d

SHA-1:
c68a2375c65bd037533ce4497cf02709718a2c00

SHA-256:
b578991ef1ae68ba065a2c446621c58e9247c77b98bb98d91d8e8549a77acd4e

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This "download manager" is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping-comparison tools and browser extensions.

Analysis date:
4/18/2024 6:22:22 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Strictor.66555 | 834
Agnitum Outpost | PUA.Solimba | 7.1.1
AhnLab V3 Security | PUP/Win32.Solimba | 2014.10.24
Avira AntiVirus | TR/Strictor.62849.611 | 7.11.180.234
AVG | Generic | 2015.0.3312
Bitdefender | Gen:Variant.Adware.Strictor.66555 | 1.0.20.1485
Dr.Web | Adware.Downware.8808 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Strictor.62849 | 14.10.24
ESET NOD32 | MSIL/Solimba.AE potentially unwanted application | 7.0.302.0
F-Secure | Gen:Variant.Adware.Strictor.66555 | 11.2014-24-10_6
G Data | Gen:Variant.Adware.Strictor.66555 | 14.10.24
IKARUS anti.virus | PUA.MSIL.Solimba | t3scan.1.7.8.0
MicroWorld eScan | Gen:Variant.Adware.Strictor.66555 | 15.0.0.891
NANO AntiVirus | Riskware.Win32.Downware.dgvfyw | 0.28.2.62841
Qihoo 360 Security | Win32/Trojan.301 | 1.0.0.1015
Reason Heuristics | PUP.Installer.CondestilDevelopmentssl.F | 14.10.24.5
Sophos | Generic PUA MG | 4.98
VIPRE Antivirus | Threat.4782980 | 33706

File size:
226.2 KB (231,648 bytes)

Product version:
1, 0, 19, 0

Copyright:
Copyright © 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\Documents and Settings\{user}\Local Settings\Temp\{random}.tmp\s7338.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/24/2014 5:00:00 PM

Valid to:
7/24/2016 4:59:59 PM

Subject:
CN=Condestil Developments s.l., O=Condestil Developments s.l., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
43F850AA43DAD92FF6603BEB72F415DD

File PE Metadata
Compilation timestamp:
10/1/2014 7:44:55 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:dwd6o0t0R0b5GLDd2VAih3Uqt2zwN9PPklQ8PzJ:k6Rt0acXd2VjZ14zwcQ8rJ

Entry address:
0x86D40

Entry point:
60, BE, 00, 20, 45, 00, 8D, BE, 00, F0, FA, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Entropy:
7.8823

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.24

Code size:
212 KB (217,088 bytes)
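The PE metadata above (a UPX packer signature, entropy of 7.88 and an entry point that begins 60 BE ... 8D BE ... 57) can be checked on a local copy with a short stand-alone script. The following is an added example written for this page, not code from Reason Core Security or from the file's publisher. It uses only the Python standard library; because the real sample is not shipped with the page, the `build_sample_pe` helper constructs a minimal PE32 stand-in that carries the page's entry RVA (0x86D40), its first 16 entry-point bytes and UPX0/UPX1 section names, so the checks can be exercised offline:

```python
"""Static triage of a suspected UPX-packed Win32 PE using only the Python standard library.
Added example for this page; the sample PE built below is constructed, not the real s7338.exe."""
import math
import struct
from collections import Counter
from typing import Dict, List, Tuple

# First 16 bytes of the entry point as listed on the page:
# pushad; mov esi, imm32; lea edi, [esi+imm32]; push edi; jmp ... (the 32-bit UPX unpacking stub)
PAGE_ENTRY_BYTES = bytes.fromhex("60BE002045008DBE00F0FAFF57EB0B90")
PAGE_ENTRY_RVA = 0x86D40


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0); packed or encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_like_upx_stub(entry: bytes) -> bool:
    """Heuristic: pushad (60), mov esi,imm32 (BE ..), lea edi,[esi+imm32] (8D BE ..), push edi (57).
    The immediates differ per binary, so only the opcodes are compared."""
    return (len(entry) >= 13 and entry[0] == 0x60 and entry[1] == 0xBE
            and entry[6:8] == b"\x8D\xBE" and entry[12] == 0x57)


def sections(pe: bytes) -> List[Tuple[bytes, int, int, int, int]]:
    """(name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section header."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]     # COFF header + 2
    size_opt = struct.unpack_from("<H", pe, e_lfanew + 20)[0]        # COFF header + 16
    table = e_lfanew + 24 + size_opt                                  # section table follows optional header
    out = []
    for i in range(num_sections):
        name, vsize, va, rsize, roff = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        out.append((name.rstrip(b"\0"), vsize, va, rsize, roff))
    return out


def entry_point_bytes(pe: bytes, n: int = 16) -> bytes:
    """Map AddressOfEntryPoint (an RVA) to a file offset through the section table and read n bytes."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    entry_rva = struct.unpack_from("<I", pe, e_lfanew + 40)[0]        # optional header + 16
    for name, vsize, va, rsize, roff in sections(pe):
        if va <= entry_rva < va + max(vsize, rsize):
            delta = entry_rva - va
            if delta >= rsize:
                raise ValueError("entry point lies in section %r outside its raw data" % name)
            return pe[roff + delta: roff + delta + n]
    raise ValueError("entry RVA 0x%X is not inside any section" % entry_rva)


def triage(pe: bytes) -> Dict[str, object]:
    """Whole-file entropy, section names, entry bytes and the two UPX indicators in one dict."""
    names = [s[0].decode("ascii", "replace") for s in sections(pe)]
    entry = entry_point_bytes(pe)
    return {
        "entropy": round(shannon_entropy(pe), 4),
        "sections": names,
        "entry_bytes": entry.hex().upper(),
        "upx_sections": any(n.startswith("UPX") for n in names),
        "upx_stub": looks_like_upx_stub(entry),
    }


def build_sample_pe(entry_stub: bytes = PAGE_ENTRY_BYTES) -> bytes:
    """Constructed stand-in for the real file: a minimal PE32 with UPX0/UPX1 sections, the entry RVA
    the page reports, and a high-entropy UPX1 body with the stub placed at the entry point."""
    e_lfanew, size_opt, n_sec = 0x40, 224, 2
    raw_off, upx1_va, upx1_size = 0x200, 0x80000, 0x8000
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, n_sec, 0, 0, 0, size_opt, 0x0102)  # i386, 2 sections, EXE
    opt = struct.pack("<HBBIIII", 0x10B, 9, 0, 0, 0, 0, PAGE_ENTRY_RVA)       # PE32, linker 9.0
    opt += b"\0" * (size_opt - len(opt))
    sec = struct.pack("<8sIIIIIIHHI", b"UPX0", upx1_va - 0x1000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    sec += struct.pack("<8sIIIIIIHHI", b"UPX1", upx1_size, upx1_va, upx1_size, raw_off, 0, 0, 0, 0, 0xE0000040)
    headers = dos + b"PE\0\0" + coff + opt + sec
    headers += b"\0" * (raw_off - len(headers))
    body = bytearray(bytes(range(256)) * (upx1_size // 256))   # stands in for the compressed payload
    off = PAGE_ENTRY_RVA - upx1_va
    body[off:off + len(entry_stub)] = entry_stub
    return headers + bytes(body)


if __name__ == "__main__":
    result = triage(build_sample_pe())
    print(result)
    if result["entropy"] > 7.0 and (result["upx_sections"] or result["upx_stub"]):
        print("likely UPX-packed: unpack with `upx -d` before static analysis")
```

Run `triage(open(path, "rb").read())` on the actual file. An entropy above about 7 together with UPX0/UPX1 section names or the pushad / mov esi / lea edi / push edi prologue is a strong sign of UPX packing, and `upx -d` will usually restore the original image for further analysis. UPX is common in legitimate software too, so treat this as a triage signal rather than a verdict, and expect both the heuristic and `upx -d` to fail on samples whose UPX headers have been deliberately altered.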

The file has been observed making the following network connections in live environments. The IP addresses are those the hostnames resolved to at analysis time and may since have changed.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)
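The hashes listed earlier on this page and the two hosts above are the indicators a responder would sweep for. The script below is an added example written for this page, not the vendor's tooling: it encodes the page's hashes, size and host/IP/port pairs and matches them against a few constructed proxy and DNS log lines in a simple key=value layout that is this example's own format, not any real product's.

```python
"""Sweep local data for the indicators recorded on this page: the file's hashes and the hosts it
contacted. Added example; the log format and helper names below are this example's own."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# File indicators from the page
PAGE_HASHES = {
    "md5": "1e7584f959f2dd378dfafd4ee9ceb60d",
    "sha1": "c68a2375c65bd037533ce4497cf02709718a2c00",
    "sha256": "b578991ef1ae68ba065a2c446621c58e9247c77b98bb98d91d8e8549a77acd4e",
}
PAGE_SIZE = 231_648

# Network indicators from the page: (host, IP it resolved to at analysis time, port)
NETWORK_IOCS: List[Tuple[str, str, int]] = [
    ("www.softologic.com", "174.37.181.31", 80),
    ("www.ibbalance.com", "173.192.190.227", 443),
]

# Constructed proxy/DNS log lines in a simple key=value format (not a real product's format)
SAMPLE_LOG = """\
ts=1713463342 src=10.0.0.5 dst=173.192.190.227:443 host=www.ibbalance.com method=CONNECT
ts=1713463343 src=10.0.0.5 dst=174.37.181.31:80 host=www.softologic.com method=GET path=/
ts=1713463350 src=10.0.0.9 dst=192.0.2.10:443 host=example.com method=CONNECT
ts=1713463360 src=10.0.0.5 dst=173.192.190.227:8080 host=unrelated.example method=GET path=/
ts=1713463370 src=10.0.0.7 query=cdn.IBBALANCE.com. type=A
ts=1713463380 src=10.0.0.5 dst=174.37.181.31:80 method=GET path=/
""".splitlines()

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Hit:
    line_no: int
    matched_on: str   # "domain", "ip:port" (address and port both match) or "ip" (address only)
    indicator: str
    line: str


def file_hashes(data: bytes) -> Dict[str, object]:
    """MD5/SHA-1/SHA-256 and size of a byte string, keyed like the page's fields."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def is_page_sample(data: bytes) -> bool:
    """True only for the exact file the page describes; size is a cheap pre-filter, SHA-256 decides."""
    return len(data) == PAGE_SIZE and file_hashes(data)["sha256"] == PAGE_HASHES["sha256"]


def _norm_host(host: str) -> str:
    return host.strip().lower().rstrip(".")   # case-fold and drop a trailing DNS root dot


def host_matches(host: str, ioc_host: str) -> bool:
    """Exact match, or a subdomain of the indicator with any leading 'www.' removed, so that
    www.ibbalance.com also catches ibbalance.com and cdn.ibbalance.com but not notibbalance.com."""
    host, ioc_host = _norm_host(host), _norm_host(ioc_host)
    base = ioc_host[4:] if ioc_host.startswith("www.") else ioc_host
    return host == base or host.endswith("." + base)


def _split_dst(dst: str) -> Tuple[str, str]:
    ip, sep, port = dst.rpartition(":")
    return (ip, port) if sep else (dst, "")


def sweep(lines: Iterable[str], iocs=NETWORK_IOCS) -> List[Hit]:
    """Return one Hit per log line that touches an indicator (a domain match wins over an IP match)."""
    hits: List[Hit] = []
    for no, line in enumerate(lines, 1):
        fields = dict(KV_RE.findall(line))
        host = fields.get("host") or fields.get("sni") or fields.get("query") or ""
        ip, port = _split_dst(fields.get("dst", ""))
        for ioc_host, ioc_ip, ioc_port in iocs:
            if host and host_matches(host, ioc_host):
                hits.append(Hit(no, "domain", ioc_host, line))
                break
            if ip and ip == ioc_ip:
                kind = "ip:port" if port == str(ioc_port) else "ip"
                hits.append(Hit(no, kind, f"{ioc_ip}:{ioc_port}", line))
                break
    return hits


if __name__ == "__main__":
    for h in sweep(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.matched_on:<7} {h.indicator}  <- {h.line}")
```

Domain matches are the durable signal: the IP addresses are the ones the hosts resolved to when the page's analysis ran, and shared hosting addresses change, so an IP-only hit (line 4 of the sample log, where the port differs) deserves a second look before it is escalated. For files, compare SHA-256 rather than MD5, which is collision-prone; the size check only avoids hashing obvious non-matches.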

Remove s7338.exe - Powered by Reason Core Security