7-zip.exe

7-Zip

Apps Installer S.L.

This is the Solimba installer program that will bundle additional offers mostly including adware and various unwanted PC utilities. The application 7-zip.exe, “7-Zip AppInstaller” by Apps Installer S.L has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Apps Installer S.L.  (signed and verified)

Product:
7-Zip

Description:
7-Zip AppInstaller

Version:
3.0.14.1

MD5:
5d3c70d05f6cb83d54a12ba1c77a1f6f

SHA-1:
c2e844d616c65dc2e60b6c11b3f32b7c7ed38746

SHA-256:
d669fcdbada64381f7decddf1c6e865055beccdc224fb5e3d85f41929f4b1eb9

Scanner detections:
9 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without persmission of the developer) and bundles adware such as toolbars and extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/28/2024 6:00:12 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Solimba.Gen
7.11.89.66

avast!
Win32:Solimba-C [PUP]
2014.9-140715

Comodo Security
Application.Win32.Solimba.GW
16564

Dr.Web
Adware.Downware.1125
9.0.1.0196

ESET NOD32
MSIL/Solimba
8.8539

Reason Heuristics
PUP.Installer.AppsInstallerSL.F
14.8.7.18

Sophos
DownloadMR
4.90

Trend Micro House Call
TROJ_GEN.F47V0704
7.2.196

VIPRE Antivirus
DownloadMR
19394

File size:
242.2 KB (248,032 bytes)

Copyright:
AppInstaller 2013 (131821534)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\7-zip.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/18/2013 9:00:00 PM

Valid to:
2/19/2015 8:59:59 PM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
2/19/2012 12:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
6144:IsaocyLCu5xfkww6S81HWxgfsZU9G5Hhh8PIsphGZ7ufLW:Itob15xfkww6SAugsSG5B616wK

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file 7-zip.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/23384892/launch

Remove 7-zip.exe - Powered by Reason Core Security