setup.exe

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application setup.exe by Apps Installer S.L. has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. While running, it connects to the Internet address cdn.solimba.com on port 80 using the HTTP protocol.
Remove setup.exe - Powered by Reason Core Security
Publisher:
Appinstallr  (signed by Apps Installer S.L.)

Description:
setup mnger

Version:
3.1.12.8

MD5:
0cd786eac68a4a5a68bc81a509f63b16

SHA-1:
48768066ecabeca3d3fbd7639b742fe311d2e631

SHA-256:
fbaee196d3799972594bfff6624b2ee7bd335a49d6d5e2b2144ad40d1ef29853

Scanner detections:
10 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without permission of the developer) and bundles adware such as toolbars and extensions.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/3/2016 6:55:16 PM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Bundler.Firseria.A.1 | 7.11.154.60
AVG | BundleApp | 2015.0.3447
Dr.Web | Adware.Downware.4436 | 9.0.1.05190
ESET NOD32 | Win32/FirseriaInstaller.J potentially unwanted application | 7.0.302.0
G Data | Win32.Application.Morstar | 14.6.24
Malwarebytes | PUP.Optional.AppsInstaller | v2014.06.10.04
Panda Antivirus | Trj/Genetic.gen | 14.06.10.04
Reason Heuristics | PUP.Installer.AppsInstallerSL.F | 14.8.7.18
Vba32 AntiVirus | Downware.Morstar | 3.12.26.0
VIPRE Antivirus | Threat.4782980 | 30086

File size:
495.2 KB (507,104 bytes)

Product version:
3.1.14

Copyright:
copyright © 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/26/2014 3:30:00 AM

Valid to:
5/27/2015 3:29:59 AM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Badalona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0F51D368012CA12391845223E21F245A

File PE Metadata
Compilation timestamp:
6/5/2014 4:29:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:unKfyxV2ImdvPGBFfi8WuJ6+1x0KCYT88VtX0v:+KfwV2HtPgFfN9/pD8

Entry address:
0xE51A

Entry point:
E8, 7C, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 30, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, E4, E0, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
 

Entropy:
7.6624

Code size:
114.5 KB (117,248 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/19201095/launch
