s2082.exe

III|I|XL

SINAINSTALLTECH(APPS INSTALLER S.L.)

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application s2082.exe by SINAINSTALLTECH(APPS INSTALLER S.L.) has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. It is also typically executed from the user's temporary directory.
Publisher:
Installer Setup  (signed by SINAINSTALLTECH(APPS INSTALLER S.L.))

Product:
III|I|XL

Description:
Installer Setup

Version:
3.1.40

MD5:
b0b05f9957ae13e8ee4dec4201c39e9f

SHA-1:
9afd69575ac5c643a2ab6557ef606564a52ed514

SHA-256:
8a31b0e48463a85c67350e85f9633908da5ac8012f91ee680f7d1d1b714b7064

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/29/2024 6:32:02 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Solimba | 7.1.1
AVG | Generic | 2016.0.3084
Dr.Web | Adware.Downware.11289 | 9.0.1.05190
ESET NOD32 | MSIL/Solimba.B potentially unwanted application | 7.0.302.0
IKARUS anti.virus | PUA.MSIL.Solimba | t3scan.1.9.5.0
K7 AntiVirus | Adware | 13.204.16173
Quick Heal | AdWare.Firseria.AA3 | 6.15.14.00
Reason Heuristics | PUP.Installer.SINAINSTALLTECHAPPSINSTALLER | 15.6.8.16
VIPRE Antivirus | Threat.4758821 | 40830

File size:
351.1 KB (359,560 bytes)

Product version:
3.1.40

Copyright:
2013 - 2015 © All Rights Reserved

Trademarks:
Installer Setup

Original file name:
manager.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\s2082.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
4/29/2015 5:10:22 AM

Valid to:
4/28/2017 5:10:22 AM

Subject:
E=support@appsinstaller.es, CN=SINAINSTALLTECH(APPS INSTALLER S.L.), O=SINAINSTALLTECH(APPS INSTALLER S.L.), C=ES

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
42BC1938C10F58E9EF7EE462B0393A3C

File PE Metadata
Compilation timestamp:
5/6/2015 2:48:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:d11lCe0qJVs6TA8jmxpQRDMTbcGrQXnGkWZnoOHfn:dYe0qJi6TA8joKDMTIFOf

Entry address:
0x55B76

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9243

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
335 KB (343,040 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ec2-52-5-146-97.compute-1.amazonaws.com  (52.5.146.97:443)

TCP (HTTP):
Connects to ec2-52-4-231-239.compute-1.amazonaws.com  (52.4.231.239:80)
