irfanview.exe

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application irfanview.exe by Apps Installer S.L. has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent. The file has been seen being downloaded from jp.win-install.info. While running, it connects to the Internet address cdn.solimba.com on port 80 using the HTTP protocol.
Publisher:
Appsinstalls (signed by Apps Installer S.L.)

Description:
setup mgr

Version:
3.1.12.2

MD5:
609c6c89069cf3105e9057a007029fbe

SHA-1:
0fc35fd3250b4e9655967c0c7c09f6eb47fcc755

SHA-256:
9783dd5cdfd24bc0d618cff7e4d17089a94e7f5684a375b2af9176e672cf266e

Scanner detections:
29 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without permission of the developer) that bundles adware such as toolbars and extensions.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 9:24:59 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.Firseria.F | 6254010
Agnitum Outpost | PUA.Firseria | 7.1.1
Avira AntiVirus | APPL/FirseriaH.A.1 | 7.11.197.174
avast! | Win32:Solimba-C [PUP] | 141214-1
AVG | Adware BundleApp.DX | 2014.0.4235
Bitdefender | Application.Bundler.Firseria.F | 1.0.20.1790
Clam AntiVirus | Win.Adware.Firseria-12 | 0.98/19833
Comodo Security | Application.Win32.Firseria.CJL | 20467
Dr.Web | Adware.Downware.4319 | 9.0.1.05190
Emsisoft Anti-Malware | Application.Bundler.Firseria | 9.0.0.4668
ESET NOD32 | Win32/FirseriaInstaller (variant) | 8.10925
Fortinet FortiGate | Riskware/Generic.AC.1794300 | 12/24/2014
F-Prot | W32/A-96118aad | v6.4.7.1.166
F-Secure | Riskware.Application.Bundler.Firseria | 5.13.68
G Data | Application.Bundler.Firseria | 14.12.24
IKARUS anti.virus | PUA.Morstar | t3scan.1.8.5.0
K7 AntiVirus | Unwanted-Program | 13.188.14440
Kaspersky | not-a-virus:AdWare.Win32.Fiseria | 15.0.0.543
Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.12.24.09
MicroWorld eScan | Application.Bundler.Firseria.F | 15.0.0.1074
NANO AntiVirus | Trojan.Win32.DownLoader11.czvwwp | 0.30.0.64448
Norman | Application.Bundler.Firseria.F | 04.12.2014 14:30:06
nProtect | Trojan-Clicker/W32.Fiseria.513000 | 14.12.24.01
Panda Antivirus | Adware/Solimba | 14.12.24.09
Reason Heuristics | PUP.Installer.AppsInstallerSL.J | 14.12.24.20
Sophos | PUA 'Solimba Installer' | 5.09
Vba32 AntiVirus | Downware.Morstar | 3.12.26.3
VIPRE Antivirus | Threat.4782980 | 35418
Zillya! Antivirus | Adware.Fiseria.Win32.28 | 2.0.0.2015

File size:
501 KB (513,000 bytes)

Product version:
3.1.15

Copyright:
copyright ©2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\irfanview.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/18/2013 4:00:00 PM

Valid to:
2/19/2015 3:59:59 PM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
5/30/2014 2:27:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:kxcnJVK0iTmk/iCAkCcIL0zmB6KKMcWePoFjdz5c3S7zF20g6/UDuR7C8z0/Y7xd:kxcJULzaCAkaYk69Sv1UDuJCKDD

Entry address:
0xE84A

Entry point:
E8, 7C, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 60, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 10, E1, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...

Entropy:
7.6381

Code size:
115.5 KB (118,272 bytes)

The file irfanview.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

http://api.downloadmr.com/installer/46336629/launch

Remove irfanview.exe - Powered by Reason Core Security