cbsidlm-cbsi213-123_free_solitaire-bp-10022517.exe

CBS Interactive

This installer uses the CNET Download.com download manager (private label) in order to provide monetized offerings to end users. These offers could include ad-supported toolbars or various web browser extensions. The application cbsidlm-cbsi213-123_free_solitaire-bp-10022517.exe by CBS Interactive has been detected as a potentially unwanted program by 40 anti-malware scanners. The program is a setup application that uses the DownloadCom Spot Install installer. This file is typically installed with the program Miditzer Style 216 ver. 0.881 by Jim Henry.
Publisher:
CNET Download.com  (signed by CBS Interactive)

Product:
CNET Download.com

Version:
5, 4, 0, 213

MD5:
5a275a569dce6e2f2f0284d82d31310b

SHA-1:
4370e4f60fb96627c6ad4f4820a4fa8a61f8ec29

SHA-256:
e4bd25f5dafb11355b6468fec85b17885ae2c1a65a879e1e4cf3fa311fb6a38e

Scanner detections:
40 / 68

Status:
Potentially unwanted

Explanation:
The installer is a co-bundle distribution utility that might contain adware or various unwanted programs. While the software it provides is typically clean, some of the download manager offers could be classified as unwanted.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 11:50:52 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Runouce.B@mm | 878 |
| Agnitum Outpost | I-Worm.Chir.B | 7.1.1 |
| AhnLab V3 Security | Win32/ChiHack.6652 | 2014.07.29 |
| Avira AntiVirus | W32/Chir.B | 7.11.30.172 |
| avast! | Win32:Oncer | 2014.9-140909 |
| AVG | Win32/Chir.B@mm | 2015.0.3356 |
| Baidu Antivirus | Virus.Win32.Runouce.$a | 4.0.3.1499 |
| Bitdefender | Win32.Runouce.B@mm | 1.0.20.1260 |
| Bkav FE | W32.ChirBPE | 1.3.0.4959 |
| Clam AntiVirus | WIN.Worm.Brontok | 0.98/19168 |
| Comodo Security | EmailWorm.Win32.Runonce.~v001 | 19008 |
| Dr.Web | Win32.Runonce.6652 | 9.0.1.0252 |
| Emsisoft Anti-Malware | Win32.Runouce.B@mm | 8.14.09.09.04 |
| ESET NOD32 | Win32/Chir.B virus | 8.7.0.302.0 |
| Fortinet FortiGate | W32/Chir.B@mm | 9/9/2014 |
| F-Prot | W32/Thecid.B@mm | v6.4.6.5.141 |
| F-Secure | Win32.Runouce.B@mm | 11.2014-09-09_3 |
| G Data | Win32.Runouce.B@mm | 14.9.24 |
| IKARUS anti.virus | Email-Worm.Win32.Runouce | t3scan.1.6.1.0 |
| K7 AntiVirus | EmailWorm | 13.181.12872 |
| Kaspersky | Email-Worm.Win32.Runouce | 14.0.0.3276 |
| Malwarebytes | Virus.Chir | v2014.09.09.04 |
| McAfee | W32/Chir.b@MM | 5600.7012 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.1326.0 |
| MicroWorld eScan | Win32.Runouce.B@mm | 15.0.0.756 |
| NANO AntiVirus | Virus.Win32.Runouce.bxafx | 0.28.2.61148 |
| nProtect | Win32.Runouce.B@mm | 14.07.28.01 |
| Panda Antivirus | W32/Chir.B | 14.09.09.04 |
| Qihoo 360 Security | Virus.Win32.CNHacker.C | 1.0.0.1015 |
| Quick Heal | W32.Runouce.B | 9.14.14.00 |
| Reason Heuristics | Bundler.PPI.CBSInteractive.o | 14.8.1.0 |
| Rising Antivirus | PE:Worm.ChineseHacker-2!23772 | 23.00.65.14907 |
| Sophos | W32/Chir-B | 4.98 |
| Total Defense | Win32/Chir.B | 37.0.11086 |
| Trend Micro House Call | PE_Chir.B | 7.2.252 |
| Trend Micro | PE_Chir.B | 10.465.09 |
| Vba32 AntiVirus | Virus.Win32.Chur.A | 3.12.26.3 |
| VIPRE Antivirus | Threat.219451 | 31208 |
| ViRobot | Win32.Chir.B | 2011.4.7.4223 |

File size:
682.6 KB (699,016 bytes)

Product version:
5, 4, 0, 213

Copyright:
Copyright (C) 2013

Original file name:
CNET Download.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
DownloadCom Spot Install

Language:
English (United States)

Common path:
C:\users\{user}\downloads\cbsidlm-cbsi213-123_free_solitaire-bp-10022517.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/21/2013 7:00:00 PM

Valid to:
8/21/2015 6:59:59 PM

Subject:
CN=CBS Interactive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=CBS Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4E4BA2EE1F4C2B3D88BE589DA3471167

File PE Metadata
Compilation timestamp:
7/16/2014 5:03:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:/xNczdyGKhBrdelGh8Zz8xghvBh+Hq24wJb5BdTf2xvqDzT5JRKXhy0:/xNcz6BMCxgncd1j2xvqtJY/

Entry address:
0x193C90

Entry point:
60, BE, 00, F0, 4E, 00, 8D, BE, 00, 20, F1, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.9207

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
660 KB (675,840 bytes)

The file cbsidlm-cbsi213-123_free_solitaire-bp-10022517.exe has been discovered within the following program.

Publisher's description - “The Miditzer™ is a computer program for PC's that lets you recreate a Wurlitzer Style 216 theatre organ. With nothing more than a computer mouse and the sound capabilities found in almost all computers you can experiment with all the controls found on a real theatre organ.”
www.VirtualOrgan.com
About 1% of users remove it
 

The file cbsidlm-cbsi213-123_free_solitaire-bp-10022517.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 644 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to phx1-rb-api-wax-web-lb.cnet.com  (64.30.224.89:80)

TCP (HTTP):
Connects to phx2-dw-cbsi-xw-lb.cnet.com  (216.239.120.246:80)

TCP (HTTP):