hizliarama.exe

Setup

SIEN S.A.

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application hizliarama.exe by SIEN S.A has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer. It is also typically executed from the user's temporary directory.
Publisher:
S.I.E.N  (signed by SIEN S.A.)

Product:
Setup

Version:
14.12.15.0

MD5:
a4e53e436964a2bdb1b16bd4d2919dd2

SHA-1:
58ce3f7218de0f03ed22c0a2cd0697744f0e37c1

SHA-256:
9c9d18eb6ad2e1f710beb0948627fc83453b1937fdc25c9cd49a53f0a3b34671

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 11:47:04 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Sien (M)
17.1.8.18

File size:
1.8 MB (1,921,448 bytes)

Product version:
14.12.15.0

Copyright:
(c)SIEN S.A. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\hizliarama.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/12/2014 11:20:39 AM

Valid to:
5/13/2015 11:20:39 AM

Subject:
E=support@sien.com, CN=SIEN S.A., O=SIEN S.A., L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D12A06D1B366EFC0AF40F74B7D6BFEFE

File PE Metadata
Compilation timestamp:
12/15/2014 1:45:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0xF432F

Entry point:
E8, 9C, 9B, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 40, AD, 55, 00, 75, 02, F3, C3, E9, C4, 20, 00, 00, 56, 6A, 04, 6A, 20, E8, 9E, A0, 00, 00, 59, 59, 8B, F0, 56, FF, 15, 60, 71, 52, 00, A3, 40, 12, 56, 00, A3, 3C, 12, 56, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 0C, 68, E8, D6, 54, 00, E8, 2D, 7A, 00, 00, E8, CB, 78, 00, 00, 83, 65, FC, 00, FF, 75, 08, E8, 23, 00, 00, 00, 59, 8B, F0, 89, 75, E4, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 8B, C6, E8, 48, 7A, 00, 00, C3, 8B...
 
[+]

Code size:
1.1 MB (1,204,224 bytes)

Remove hizliarama.exe - Powered by Reason Core Security