five nights at freddy’s for pc.exe

LV-II fungor

Bechiro S.L.

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application five nights at freddy’s for pc.exe, “aufero detego tracto” by Bechiro S.L has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
infidus vilitas facio  (signed by Bechiro S.L.)

Product:
LV-II fungor

Description:
aufero detego tracto

Version:
95.59.75.72

MD5:
1e0b6e49de394f7f143e7eb596afc734

SHA-1:
b68084e8149edd1f3e153a36f3d8eda525f8eace

SHA-256:
389344cd5c6e6ce7f2eeb9e3cdc2ed1fc66167db02e8e6a80b06c1686957bcab

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 7:43:59 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/Firseria.Gen8
7.11.182.78

avast!
MSIL:Solimba-V [PUP]
2014.9-141030

AVG
Adware BundleApp_r
2015.0.3305

Baidu Antivirus
Adware.Win32.FirseriaInstaller
4.0.3.141030

Bitdefender
Application.Generic.872462
1.0.20.1520

Comodo Security
Application.Win32.Solimba.LSW
19942

Dr.Web
Adware.Downware.8808
9.0.1.0303

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Kazy.132995
8.14.10.30.11

ESET NOD32
MSIL/Solimba.AH potentially unwanted application
8.7.0.302.0

Fortinet FortiGate
Riskware/Morstars
10/30/2014

F-Prot
W32/A-a1e0d357
v6.4.7.1.166

G Data
Win32.Application.Morstar
14.10.24

K7 AntiVirus
Unwanted-Program
13.185.13840

Kaspersky
not-a-virus:AdWare.Win32.Fiseria
14.0.0.3020

Malwarebytes
PUP.Optional.Solimba
v2014.10.30.11

MicroWorld eScan
Gen:Variant.Application.Bundler.Kazy.132995
15.0.0.909

NANO AntiVirus
Trojan.Win32.Morstar.dhdhyl
0.28.6.62995

Reason Heuristics
PUP.BechiroSL.EE
14.10.30.23

Sophos
Solimba Installer
4.98

Vba32 AntiVirus
Downware.Morstar
3.12.26.3

VIPRE Antivirus
Threat.4782980
34232

File size:
537.7 KB (550,592 bytes)

Product version:
52.82.34.83

Copyright:
Copyright ferme

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\five nights at freddy’s for pc.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
7/24/2014 8:00:00 PM

Valid to:
7/24/2016 7:59:59 PM

Subject:
CN=Bechiro S.L., O=Bechiro S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0DE376129471B42CE6BCA90326047A34

File PE Metadata
Compilation timestamp:
10/27/2014 9:24:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:KxBt8xZr6zDTMJECEvL+JTDZ3oIjFZ77UARmM7B36:Kx0sDTRJjkF3oIjHnUAZ56

Entry address:
0xDE2C

Entry point:
E8, A3, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 58, 70, 42, 00, E8, FE, 15, 00, 00, E8, 74, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 36, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, FF, 64, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.7046  (probably packed)

Code size:
113.5 KB (116,224 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/38284599/launch

Remove five nights at freddy’s for pc.exe - Powered by Reason Core Security