» yahoo! messenger.exe
Overview
Analysis
File Details

yahoo! messenger.exe

FIRSERIA, S.L.

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR) which is a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application yahoo! messenger.exe by FIRSERIA, S.L has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.

File name:

Publisher:

Firseria·s·l· (signed by FIRSERIA, S.L.)

Version:

1.0.0.15

MD5:

bfd16d31790a1b9380fee576505dd8b8

SHA-1:

93d64901f32cbf595182bbd365b18fec57856930

SHA-256:

65e44ec5d2b4014f9c27f5b6155238fa3afbb0af027d9dd0ec6dee0166d66e9f

Scanner detections:

12 / 68

Status:

Adware

Explanation:

Uses the Solimba installer to bundle adware offers.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/19/2024 1:06:30 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.Firseria

2013.11.30

AVG

AdInstaller.Firseria

2016.0.2949

Comodo Security

TrojWare.Win32.Trojan.Obfuscated.~EN

17358

ESET NOD32

Win32/FirseriaInstaller (variant)

9.9114

F-Prot

W32/Backdoor2.HTEZ

v6.4.7.1.166

herdProtect (fuzzy)

variant of srs hd audio lab.exe (Adware)

2015.10.21.23

Kaspersky

not-a-virus:Downloader.Win32.Morstar

14.0.0.1240

Malwarebytes

PUP.Optional.Firseria

v2015.10.21.11

McAfee

Trojan-FDHF!FDA0A9565730

5600.6605

Reason Heuristics

PUP.Solimba.FIRSERIA.Bundler (M)

15.8.25.10

Rising Antivirus

PE:PUA.FirseriaInstaller@CV!1.9C54

23.00.65.151019

Sophos

Solimba Installer

4.95

File size:

165.3 KB (169,272 bytes)

Product version:

1.0.0.15

Original file name:

installer·exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Solimba DownloadMR

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\yahoo! messenger.exe

Digital Signature

Signed by:

FIRSERIA, S.L.

Authority:

Thawte, Inc.

Valid from:

7/24/2013 1:00:00 AM

Valid to:

7/25/2014 12:59:59 AM

Subject:

CN="FIRSERIA, S.L.", OU=IT, O="FIRSERIA, S.L.", L=Badalona, S=Barcelona, C=ES

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

73C4780FAC0CD497B0778732FB8AF673

File PE Metadata

Compilation timestamp:

10/14/2013 3:23:15 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:l4HCWau/PlYeuL7ZLFh6Ca6cbL9l2hzB3fJCC6j8+Er6ez4:WiI/PlY37ZLF4Ca6WABqBOvs

Entry address:

0x76117

Entry point:

60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10... 
[+]

Entropy:

7.8737

Packer / compiler:

ASPack v1.08.04

Code size:

101 KB (103,424 bytes)

Remove yahoo! messenger.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.