dvd shrink.exe

The application dvd shrink.exe, “comprovincialis abstergo disco sane”, has been detected as a potentially unwanted program by 18 anti-malware scanners. It is a setup program used to install the application. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from get.meanrepo.com and multiple other hosts.

Publisher:
repetitio qui cunabula horum

Product:
XL-II relaxo officium postea clam

Description:
comprovincialis abstergo disco sane

Version:
5.35.82.24

MD5:
68e33452c496b3123f74caf15d039d1d

SHA-1:
d644e55eee8ad09afba19cfc550d56eb4a26c2d7

SHA-256:
b2c371f534ec550091651a7050eeb6669fdbbc2054a7b782093cce183525e517

Scanner detections:
18 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
11/23/2024 2:24:01 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Solimba.C | 843 |
| AegisLab AV Signature | Application.Downloader | 2.1.4+ |
| Avira AntiVirus | APPL/Firseria.Gen8 | 7.11.178.86 |
| avast! | Win32:Adware-gen [Adw] | 141003-0 |
| AVG | Adware BundleApp_r.AV | 2014.0.4040 |
| Bitdefender | Application.Bundler.Solimba.C | 1.0.20.1435 |
| Comodo Security | Application.Win32.Solimba.LSW | 19802 |
| Dr.Web | Adware.Downware.8763 | 9.0.1.05190 |
| ESET NOD32 | MSIL/Solimba.AH potentially unwanted application | 7.0.302.0 |
| F-Secure | Application.Bundler.Solimba | 11.2014-14-10_3 |
| G Data | Application.Bundler.Solimba | 14.10.24 |
| K7 AntiVirus | Trojan | 13.183.13676 |
| Kaspersky | not-a-virus:Downloader.Win32.Morstar | 15.0.0.494 |
| Malwarebytes | PUP.Optional.Solimba | v2014.10.14.07 |
| MicroWorld eScan | Application.Bundler.Solimba.C | 15.0.0.861 |
| NANO AntiVirus | Trojan.Win32.Morstar.dgkzig | 0.28.2.62671 |
| Qihoo 360 Security | Malware.QVM20.Gen | 1.0.0.1015 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |

File size:
523.2 KB (535,807 bytes)

Product version:
67.19.86.63

Copyright:
Copyright certo periculosus maero

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\dvd shrink.exe

File PE Metadata
Compilation timestamp:
10/13/2014 5:30:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:OdoXLrF5LfTka2HiRP2VbBqVxUIR+C8sOmf3fyKElW:OdobDfTJPQbBGUIR3Df3fb3

Entry address:
0xDE9C

Entry point:
E8, A5, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 08, 6E, 42, 00, E8, FE, 15, 00, 00, E8, 76, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 38, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 01, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Packer / compiler:
PEQuake V0.06

Code size:
113.5 KB (116,224 bytes)

The file dvd shrink.exe has been seen being distributed by the following 3 URLs.
