setup.exe

Bechiro S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application setup.exe, “Application Installer 2x” by Bechiro S.L., has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
apps installer   (signed by Bechiro S.L.)

Description:
Application Installer 2x

Version:
3.1.8

MD5:
2beac7cc8d71f1a2772fdf307115acb7

SHA-1:
79f14e601f691123e207eaebe7abae133066e63f

SHA-256:
904fb8a90693b160c7833711fd75d9c24caa56aba6088897d7e17ebc9babb8c9

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/23/2024 6:37:20 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.DownloadMR.A | 491 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-151002 |
| AVG | Adware BundleApp | 2016.0.2969 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Downware.2225 | 9.0.1.0275 |
| Emsisoft Anti-Malware | Application.Bundler.DownloadMR | 8.15.10.02.07 |
| ESET NOD32 | Win32/FirseriaInstaller.F potentially unwanted application | 9.7.0.302.0 |
| F-Secure | Riskware.Application.Bundler.DownloadMR | 11.2015-02-10_6 |
| herdProtect (fuzzy) | | 2015.10.2.7 |
| Kaspersky | not-a-virus:AdWare.Win32.Fiseria | 14.0.0.1338 |
| Norman | Application.Bundler.DownloadMR.A | 11.20151002 |
| Reason Heuristics | Adware.Solimba.Bechiro.Bundler (M) | 15.8.17.15 |
| VIPRE Antivirus | DownloadMR | 28534 |

File size:
489.9 KB (501,608 bytes)

Product version:
3.1.3

Copyright:
Copyright © 2014

Original file name:
installer2x.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/12/2012 8:00:00 PM

Valid to:
6/13/2014 7:59:59 PM

Subject:
CN=Bechiro S.L., OU=Devel, O=Bechiro S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
738DCAC697C06E1B89D106073773010D

File PE Metadata
Compilation timestamp:
3/19/2014 10:11:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:P+TRL7A0wg5rYzCm4juSIBS2RVFW4P6gr646b19mmVX:P+17A0wRs92V1By6mVX

Entry address:
0xE4F9

Entry point:
E8, CD, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 78, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 24, E1, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
 

Entropy:
7.6555

Code size:
115 KB (117,760 bytes)

The file setup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com (95.211.39.161:80)

 
http://api.downloadmr.com/installer/80778222/launch
