Baidu Antivirus Free.exe

Investena Concept, s.l.

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application Baidu Antivirus Free.exe by Investena Concept, s.l has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Investena Concept, s.l.  (signed and verified)

MD5:
5dc97edf020ffb3c8954d1930f3e5081

SHA-1:
fe31c1757c8d416ddeab8ebef0152949018d335a

SHA-256:
40599a9eab7a5843ac39d20e8dd202558a0cbc4b025fc646f42949e53082b77a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/14/2024 5:27:52 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solimba.InvestenaConcept (M)
16.2.12.13

File size:
630.2 KB (645,336 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\baidu antivirus free.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/16/2014 10:00:00 PM

Valid to:
12/16/2016 9:59:59 PM

Subject:
CN="Investena Concept, s.l.", O="Investena Concept, s.l.", L=Badalona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
40AA34E55B1BC6EE54598A0C83C81304

File PE Metadata
Compilation timestamp:
5/27/2015 10:12:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:92HJQeTElcwH6m4/P21vrXB5aalKi9jP65Xgv4T+BgnCoduBCOmMWiXx:4JQPG/P8TBPl79jP65ynoABCOmMWiXx

Entry address:
0x10FEC

Entry point:
E8, 7E, 96, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, F0, CB, 42, 00, E8, BE, 57, 00, 00, E8, 2C, 1D, 00, 00, 0F, B7, F0, 6A, 02, E8, 11, 96, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, BD, 4D, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
139 KB (142,336 bytes)

The file Baidu Antivirus Free.exe has been seen being distributed by the following URL.

Remove Baidu Antivirus Free.exe - Powered by Reason Core Security