home

showbox installer.exe

POPELER SYSTEM, S.L.

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR) which is a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application showbox installer.exe by POPELER SYSTEM, S.L has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
POPELER SYSTEM, S.L.  (signed and verified)

MD5:
8376cfe636af4ba63cc34310f43931a7

SHA-1:
bd46412c1a8658b8e5c4284635a6fa1a06e99e4d

SHA-256:
caa66388415b98f0f6223dcb1f3f6a9add05d2b248b523b693733eff2cb1026e

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/19/2024 7:21:31 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Jaik.6157
678

AhnLab V3 Security
PUP/Win32.Morstar
2015.03.29

avast!
Win32:Solimba-S [PUP]
2014.9-150328

AVG
Popeler
2016.0.3156

Bitdefender
Gen:Variant.Jaik.6157
1.0.20.435

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Gen:Variant.Jaik.6157
8.15.03.28.05

ESET NOD32
MSIL/Solimba.AM potentially unwanted application
9.7.0.302.0

F-Secure
Gen:Variant.Jaik.6157
11.2015-28-03_7

G Data
Gen:Variant.Jaik.6157
15.3.25

herdProtect (fuzzy)
variant of show%20box.exe (Adware)
2015.7.3.6

K7 AntiVirus
Unwanted-Program
13.202.15414

MicroWorld eScan
Gen:Variant.Jaik.6157
16.0.0.261

NANO AntiVirus
Trojan.Win32.Morstar.dpnhgj
0.30.8.659

Panda Antivirus
Adware/Firseria
15.03.28.05

Reason Heuristics
PUP.Bundler.Solimba
15.3.28.17

Rising Antivirus
PE:Malware.Morstar!6.19F2
23.00.65.15326

Vba32 AntiVirus
Downware.Morstar
3.12.26.3

VIPRE Antivirus
Threat.4782980
38552

File size:
509.1 KB (521,272 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\showbox%20installer.exe

Digital Signature
Signed by:
POPELER SYSTEM, S.L.

Authority:
Thawte, Inc.

Valid from:
7/25/2014 1:00:00 AM

Valid to:
8/29/2016 12:59:59 AM

Subject:
CN="POPELER SYSTEM, S.L.", OU=IT, O="POPELER SYSTEM, S.L.", L=Badalona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7D4509F01375B349F2DE66BF15A48CD7

File PE Metadata
Compilation timestamp:
3/27/2015 8:46:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:/oLrwqCejaJ1casNW3FWz/zU2Wcg/rtNuYTf:/oLrwhcaSMFcz5W/rtpf

Entry address:
0xC1DC

Entry point:
E8, 5B, 4D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E8, 1A, 42, 00, E8, 3E, 15, 00, 00, E8, 2C, 4F, 00, 00, 0F, B7, F0, 6A, 02, E8, EE, 4C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 89, 42, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.7388  (probably packed)

Code size:
98 KB (100,352 bytes)

Remove showbox installer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.