app_host.exe

Beamrise

SIEN S.A.

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application app_host.exe by SIEN S.A has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer.
Publisher:
SIEN S.A.  (signed and verified)

Product:
Beamrise

Version:
2.25.0.4918

MD5:
3c94fe8b5c7d335379b71fcc39ca4585

SHA-1:
168eacc9bc6df24d9ac25badd19f6223825c91c0

SHA-256:
48dbab2df55a8c87b5f829d5ae63ac4b9e75cb4eea618af10f4b63120874edbc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/2/2024 5:31:05 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Sien (M)
17.3.10.15

File size:
256.8 KB (262,976 bytes)

Product version:
2.25.0.4918

Copyright:
Copyright 2013 The Beamrise Authors. All rights reserved.

Original file name:
app_host.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\beamrise\temp\source7372_16538\chrome-bin\app_host.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
8/21/2012 9:00:00 PM

Valid to:
8/22/2014 8:59:59 PM

Subject:
CN=SIEN S.A., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SIEN S.A., L=Paris, S=France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
514EA00D30C8C244C3E818890BF73967

File PE Metadata
Compilation timestamp:
6/19/2013 5:56:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x142CA

Entry point:
E8, EA, 77, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, D0, 66, 8B, 08, 83, C0, 02, 66, 85, C9, 75, F5, 66, 8B, 4D, 0C, 83, E8, 02, 3B, C2, 74, 05, 66, 39, 08, 75, F4, 66, 39, 08, 74, 02, 33, C0, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 14, 56, 8B, 75, 08, 57, 33, FF, 89, 7D, F8, 89, 7D, F4, 89, 7D, FC, 3B, F7, 75, 13, E8, 05, 20, 00, 00, 6A, 16, 5E, 89, 30, E8, 13, F3, FF, FF, 8B, C6, EB, 54, 53, 6A, 24, 68, FF, 00, 00, 00, 56, E8, 41, FA, FF, FF, 8B, 5D, 0C, 83, C4, 0C, 3B, DF, 75, 11, E8...
 
[+]

Code size:
161.5 KB (165,376 bytes)

Remove app_host.exe - Powered by Reason Core Security