buildcraft1.7.2.exe

Apps Installer S.L.

This is the Solimba installer program that will bundle additional offers mostly including adware and various unwanted PC utilities. The application buildcraft1.7.2.exe by Apps Installer S.L has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from softlicious.info. While running, it connects to the Internet address cdn.solimba.com on port 80 using the HTTP protocol.
Publisher:
App.install  (signed by Apps Installer S.L.)

Description:
setup.manager

Version:
3.1.12.5

MD5:
c9b24618894b577d458207c597f243fc

SHA-1:
792966db755fb45655541e73efd39b2374cd14b1

SHA-256:
8e8f39fb40e4f3a086ccf0450ca4f4a98d59ab906f89bc1ed283d0b82eae7884

Scanner detections:
30 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without persmission of the developer) and bundles adware such as toolbars and extensions.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 11:48:17 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.M
908

Agnitum Outpost
Trojan.MulDrop
7.1.1

AhnLab V3 Security
PUP/Win32.FirseriaInstaller
2014.08.05

Avira AntiVirus
APPL/FirseriaI.A
7.11.153.178

avast!
Win32:Solimba-C [PUP]
2014.9-140811

AVG
BundleApp
2015.0.3386

Bitdefender
Application.Bundler.M
1.0.20.1115

Clam AntiVirus
Win.Trojan.Application-478
0.98/21411

Comodo Security
Application.Win32.Firseria.K
18458

Dr.Web
Trojan.MulDrop5.32888
9.0.1.0223

ESET NOD32
Win32/FirseriaInstaller (variant)
8.9907

Fortinet FortiGate
Riskware/FirseriaInstaller
8/11/2014

F-Prot
W32/A-2bfcf16c
v6.4.7.1.166

F-Secure
Application.Bundler.M
11.2014-11-08_2

G Data
Application.Bundler
14.8.24

herdProtect (fuzzy)
2014.10.16.23

IKARUS anti.virus
PUA.Morstar
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.1712333

Kaspersky
not-a-virus:AdWare.Win32.Fiseria
14.0.0.3423

Malwarebytes
PUP.Optional.AppsInstaller
v2014.08.11.10

McAfee
Artemis!D5103E38C18A
5600.7042

MicroWorld eScan
Application.Bundler.M
15.0.0.669

NANO AntiVirus
Riskware.Win32.Fiseria.dakwhg
0.28.2.61148

Qihoo 360 Security
Win32/Application.063
1.0.0.1015

Quick Heal
AdWare.Fiseria.r5 (Not a Virus)
8.14.14.00

Reason Heuristics
PUP.Installer.AppsInstallerSL.N
14.8.11.10

Sophos
Solimba Installer
4.98

Trend Micro House Call
TROJ_GEN.F47V0607
7.2.223

Vba32 AntiVirus
Downware.Morstar
3.12.26.0

VIPRE Antivirus
DownloadMR
30028

File size:
497.3 KB (509,232 bytes)

Product version:
3.1.15

Copyright:
copyright © 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\buildcraft1.7.2.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/19/2013 2:00:00 AM

Valid to:
2/20/2015 1:59:59 AM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
6/3/2014 1:18:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:mYYZr6ypt7xGspjYu+Uhx63UXBQddduJDOxei:mYcr6y/xxsg9BND0ei

Entry address:
0xE05C

Entry point:
E8, 7A, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 38, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F8, E0, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
 
[+]

Code size:
113.5 KB (116,224 bytes)

The file buildcraft1.7.2.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/26452437/launch

Remove buildcraft1.7.2.exe - Powered by Reason Core Security