opera.exe

donec iucundus XXXI-II prudens

Bechiro, s.l.

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application opera.exe, “liberatio oratio terminus” by Bechiro, s.l has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
congruus molestus decumbo privatus  (signed by Bechiro, s.l.)

Product:
donec iucundus XXXI-II prudens

Description:
liberatio oratio terminus

Version:
68.44.23.97

MD5:
4a77b45cef58c365f2193fa03fc816bc

SHA-1:
030e448177d69b14998d334126486330bbcb553d

SHA-256:
e94efe13923b492b5b47249d6c90e9df2b1455d7298c0cb4d1f78d37165e9b03

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 1:06:12 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solimba.Bechiro (M)
16.3.10.3

File size:
539.2 KB (552,176 bytes)

Product version:
49.64.21.65

Copyright:
investigo imbrium torrens

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\opera.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/25/2014 2:00:00 AM

Valid to:
7/25/2017 1:59:59 AM

Subject:
CN="Bechiro, s.l.", O="Bechiro, s.l.", L=Badalona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6871000C97588AD6E2C287A83D05B9E5

File PE Metadata
Compilation timestamp:
10/7/2014 11:41:23 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:yDwcpRj+TcHjuVIXD4ROmTlM8ZIbFcW//HTuj+QP6qR0jb:yDwY+TN+TM3u8ZGcW//zuSqo

Entry address:
0xDFDC

Entry point:
E8, AC, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 08, 6E, 42, 00, E8, FE, 15, 00, 00, E8, 7D, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 3F, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 08, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
114 KB (116,736 bytes)

The file opera.exe has been seen being distributed by the following URL.

Remove opera.exe - Powered by Reason Core Security