bing desktop.exe

I-XLII relego lacertosus placide

Eilio Developments sl

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application bing desktop.exe by Eilio Developments sl has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from dl.media1982cdn.com.
Publisher:
feritas  (signed by Eilio Developments sl)

Product:
I-XLII relego lacertosus placide

Description:
muto

Version:
45.32.18.61

MD5:
a006e9526a7b03c55fd9754ca59dd14b

SHA-1:
9053ae31b847d96850640840f6627205853c8b10

SHA-256:
e60158e39813399fc212e9695fb4007a7c59dcaa0d81ff7e22fb77b08c2d22e0

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 2:34:43 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Kazy.132995
838

Avira AntiVirus
APPL/Firseria.Gen8
7.11.179.162

avast!
Win32:Solimba-M [PUP]
141003-0

AVG
Adware BundleApp_r.AV
2014.0.4040

Bitdefender
Gen:Variant.Application.Bundler.Kazy.132995
1.0.20.1460

Comodo Security
Application.Win32.Solimba.LSW
19852

Dr.Web
Adware.Downware.8808
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Kazy.132995
14.10.19

ESET NOD32
MSIL/Solimba.AH potentially unwanted application
7.0.302.0

F-Prot
W32/A-a1e0d357
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2014-19-10_1

G Data
Gen:Variant.Application.Bundler.Kazy.132995
14.10.24

IKARUS anti.virus
AdWare.BundleApp
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.184.13727

Kaspersky
not-a-virus:Downloader.Win32.Morstar
15.0.0.494

Malwarebytes
PUP.Optional.Solimba
v2014.10.19.05

MicroWorld eScan
Gen:Variant.Application.Bundler.Kazy.132995
15.0.0.876

NANO AntiVirus
Trojan.Win32.Morstar.dgtmiz
0.28.2.62671

Reason Heuristics
PUP.EilioDevelopmentssl.M
14.10.19.17

Sophos
Solimba Installer
4.98

Vba32 AntiVirus
Downware.Morstar
3.12.26.3

VIPRE Antivirus
Threat.4782980
33706

File size:
537.1 KB (549,960 bytes)

Product version:
65.71.31.57

Copyright:
2014 humus pia

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\bing desktop.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/28/2014 9:17:10 AM

Valid to:
7/28/2016 9:17:10 AM

Subject:
CN=Eilio Developments sl, O=Eilio Developments sl, L=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218832573D4BDD488A310AF2AC15B41F25

File PE Metadata
Compilation timestamp:
10/14/2014 10:21:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:59ctRbSDszTcPUKOd13gvr5KdBMvHDE3JjgsESp/Hj60sYo:59ctRJzTEUrz85sBMvj0jgL0sYo

Entry address:
0xDEDC

Entry point:
E8, AE, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, 70, 42, 00, E8, FE, 15, 00, 00, E8, 7F, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 41, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0A, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.7061  (probably packed)

Code size:
113.5 KB (116,224 bytes)

The file bing desktop.exe has been seen being distributed by the following URL.

Remove bing desktop.exe - Powered by Reason Core Security