setup.exe

Bechiro S.L.

This is the Solimba installer, which bundles additional offers, mostly adware and various unwanted PC utilities. The application setup.exe by Bechiro S.L. has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. During installation, it installs bundled potentially unwanted software on the user's computer without adequate consent. While running, it connects to the Internet address cdn.solimba.com on port 80 using the HTTP protocol.
Publisher:
F¡rser¡a s·l·  (signed by Bechiro S.L.)

Description:
DwonldMnger

Version:
1.0.0.23

MD5:
ee8d2971f79b28488564bb283ea552bb

SHA-1:
6f32f9742c31486757fbe7d1d5a9c6b4086889b5

SHA-256:
4e68826e4c868b640663ec4a98c1df85fec39fe8becf1e8f41dc86d47039d282

Scanner detections:
33 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/1/2024 5:31:23 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Application.Bundler.Firseria.1 | 884 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.FirseriaInstaller | 2014.09.04 |
| Avira AntiVirus | TR/Crypt.ULPM.Gen | 7.11.30.172 |
| avast! | Win32:PUP-gen [PUP] | 140813-1 |
| AVG | Adware BundleApp.L | 2014.0.4015 |
| Bitdefender | Gen:Application.Bundler.Firseria.1 | 1.0.20.1235 |
| Clam AntiVirus | Win.Trojan.Firseria-1 | 0.98/19335 |
| Comodo Security | Application.Win32.Solimba.L | 19418 |
| Dr.Web | Trojan.MulDrop5.4401 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Application.Bundler.Firseria | 9.0.0.4324 |
| ESET NOD32 | Win32/FirseriaInstaller.C potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/Sality.MO | 9/4/2014 |
| F-Prot | W32/A-fcfcdf57 | v6.4.7.1.166 |
| F-Secure | Gen:Application.Bundler.Firseria | 11.2014-04-09_5 |
| G Data | Gen:Application.Bundler.Firseria | 14.9.24 |
| IKARUS anti.virus | PUA.Bechiro | t3scan.1.7.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13272 |
| Kaspersky | not-a-virus:Downloader.Win32.Solimba | 15.0.0.463 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.09.04.11 |
| MicroWorld eScan | Gen:Application.Bundler.Firseria.1 | 15.0.0.741 |
| NANO AntiVirus | Trojan.Win32.Morstar.cqhuua | 0.28.2.61942 |
| Panda Antivirus | Adware/Firseria | 14.09.04.11 |
| Qihoo 360 Security | Malware.QVM11.Gen | 1.0.0.1015 |
| Quick Heal | Trojandownloader.Morstar.O5 | 9.14.14.00 |
| Reason Heuristics | PUP.Installer.BechiroSL.I | 14.9.4.10 |
| Rising Antivirus | PE:PUF.FirseriaInstaller@CV!1.9C54 | 23.00.65.14902 |
| Sophos | Solimba Installer | 4.98 |
| SUPERAntiSpyware | Adware.Firseria/Variant | 10380 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 32210 |
| Zillya! Antivirus | Downloader.Morstar.Win32.2 | 2.0.0.1911 |

File size:
183.8 KB (188,216 bytes)

Product version:
3.0.23

Copyright:
copyright·©·2013

Original file name:
¡nstal.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/12/2012 9:00:00 PM

Valid to:
6/13/2014 8:59:59 PM

Subject:
CN=Bechiro S.L., OU=Devel, O=Bechiro S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
738DCAC697C06E1B89D106073773010D

File PE Metadata
Compilation timestamp:
11/27/2013 8:43:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:nFtj9DZiop52XIGrjKSBUZWijNutqGwSMixZhAJY/UAmFS:nFZ9DEq52hUZcYGwS/xZ7UW

Entry address:
0x704B0

Entry point:
60, BE, 00, 90, 44, 00, 8D, BE, 00, 80, FB, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
160 KB (163,840 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/29286363/launch
