opera.exe

Opera

Apps Installer S.L.

This is the Solimba installer program that will bundle additional offers mostly including adware and various unwanted PC utilities. The application opera.exe by Apps Installer S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Apps Installer S.L.  (signed and verified)

Product:
Opera

Description:
Opera installer

Version:
3.0.5.0

MD5:
24a747ec2f3f4a8c415f8c75c684f37b

SHA-1:
e0bed74e737c5795e04c72b182851735c8f1fcc6

SHA-256:
7f87bade95161e69fddce0c64fa1a2e4084ff67be54396d851df477173559da7

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without persmission of the developer) and bundles adware such as toolbars and extensions.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 12:27:46 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solimba.AppsInst.Bundler (M)
16.6.21.16

File size:
228.9 KB (234,384 bytes)

Copyright:
(c) 2010-2013 (201305101334)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\opera.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/19/2013 1:00:00 AM

Valid to:
2/20/2015 12:59:59 AM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
2/19/2012 4:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
3072:3X7DItrfaocyTgfsqQOlJ1EHE9RCCDk3wllewrWwLHB+nKMoFFsT1vfoAT9iEE+/:3saocyLC1CoboYech+nrqMk+4itE2

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The file opera.exe has been seen being distributed by the following URL.

Remove opera.exe - Powered by Reason Core Security