aim.exe

popeler_installer

POPELER SYSTEM, S.L.

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR) which is a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application aim.exe by POPELER SYSTEM, S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
popeler s.l.  (signed by POPELER SYSTEM, S.L.)

Product:
popeler_installer

Description:
installer

Version:
3.1.16.6

MD5:
742a19dc94546cb41cecc8b37de02499

SHA-1:
380d071e64ad0cd7cd293e5e3c4ec992812742d4

SHA-256:
08a57fa10c4c06e95536e2115934fb54b5a0578a4c955bd5b754070eb549e6ea

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 4:37:27 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solimba (M)
16.7.27.1

File size:
501.5 KB (513,552 bytes)

Product version:
3.1.19

Copyright:
copyright (c) 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\aim.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/29/2013 2:00:00 AM

Valid to:
8/30/2014 1:59:59 AM

Subject:
CN="POPELER SYSTEM, S.L.", OU=IT, O="POPELER SYSTEM, S.L.", L=Badalona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
58806C1A153885D4BFE2E3370340491F

File PE Metadata
Compilation timestamp:
7/22/2014 3:00:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:sCzy9ApGQzT9mBEg88Z9uKBtKWhW4KMQ2:sCm9czTitZPaWhNPf

Entry address:
0xE488

Entry point:
E8, 4E, 6E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 00, 71, 47, 00, 89, 0D, FC, 70, 47, 00, 89, 15, F8, 70, 47, 00, 89, 1D, F4, 70, 47, 00, 89, 35, F0, 70, 47, 00, 89, 3D, EC, 70, 47, 00, 66, 8C, 15, 18, 71, 47, 00, 66, 8C, 0D, 0C, 71, 47, 00, 66, 8C, 1D, E8, 70, 47, 00, 66, 8C, 05, E4, 70, 47, 00, 66, 8C, 25, E0, 70, 47, 00, 66, 8C, 2D, DC, 70, 47, 00, 9C, 8F, 05, 10, 71, 47, 00, 8B, 45, 00, A3, 04, 71, 47, 00, 8B, 45, 04, A3, 08, 71, 47, 00, 8D, 45, 08, A3, 14, 71, 47...
 
[+]

Code size:
117.5 KB (120,320 bytes)

The file aim.exe has been seen being distributed by the following URL.

Remove aim.exe - Powered by Reason Core Security