appinstaller.exe

Apps Installer SL

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application appinstaller.exe by Apps Installer SL has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer, which relies on the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from www.softpicks.fr and multiple other hosts. While running, it connects to the Internet address cdn.solimba.com on port 80 using the HTTP protocol.
Publisher:
appinstaller  (signed by Apps Installer SL)

Description:
appinstaller

Version:
3.1.10.28

MD5:
95b7d826e6b3f8c3011f575c01e4175b

SHA-1:
205f71522ee168765b2f2ae49431fa0f5a743a13

SHA-256:
74dd12d4bccd299c2cce3e77abed29bf03bf25e981786696464fd0dde484cf9c

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/24/2024 5:19:13 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic_r | 2015.0.3494 |
| ESET NOD32 | Win32/FirseriaInstaller (variant) | 8.9718 |
| G Data | Win32.Application.Morstar | 14.4.24 |
| K7 AntiVirus | Trojan | 13.176.11873 |
| Malwarebytes | PUP.Optional.Firseria | v2014.04.24.03 |
| Reason Heuristics | PUP.Installer.AppsInstallerSL.M | 14.8.1.0 |
| Sophos | Solimba Installer | 4.98 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.0 |
| VIPRE Antivirus | DownloadMR | 28574 |

File size:
500.8 KB (512,784 bytes)

Product version:
3.1.9

Copyright:
Copyright© 2014

Original file name:
appinstaller.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\appinstaller.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/24/2014 9:38:03 AM

Valid to:
1/25/2015 9:38:03 AM

Subject:
CN=Apps Installer SL, O=Apps Installer SL, L=Badalona, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CBDE0E20D87673EA3438EEEB8A63BE19

File PE Metadata
Compilation timestamp:
4/22/2014 11:36:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:4uWnIFlU4rOaBlVRRt80zmltDHMctOq9PoFjdz5FkH7n3jvA20mf/aQ0NuR7CQwi:4uU6OaOilVRvjOPzzDJa1NuJCQIoO6

Entry address:
0xEF74

Entry point:
E8, B2, 78, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 98, F4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, F1, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 74, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
 

Entropy:
7.6425

Code size:
117 KB (119,808 bytes)

The file appinstaller.exe has been seen being distributed by the following 4 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/12937293/launch
