setup.exe

popeler manager

Popeler System sl

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR) which is a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application setup.exe by Popeler System sl has been detected as adware by 38 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
popeler.·.Installer.·.S.L.  (signed by Popeler System sl)

Product:
popeler manager

Description:
Installer

Version:
3.1.22.17

MD5:
181d23257bccbf7f84342e67371b8cce

SHA-1:
2dcebaad72ec70a5cf39eae283f688b665776439

SHA-256:
1c429a10b3965cff4bb50de0fcb4226a47cd1c7ba89bf91a271b756ddc5e18a3

Scanner detections:
38 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/27/2024 3:00:37 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Kazy.132995
367

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.Bundler
2014.09.15

Avira AntiVirus
APPL/Firseria.Gen8
7.11.171.148

avast!
Win32:Solimba-Y [PUP]
2014.9-160202

AVG
Generic
2017.0.2845

Baidu Antivirus
Adware.Win32.Solimba
4.0.3.1622

Bitdefender
Gen:Variant.Application.Bundler.Kazy.132995
1.0.20.165

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Trojan.Morstar-20
0.98/19406

Comodo Security
Application.Win32.Solimba.LSW
19945

Dr.Web
Trojan.DownLoader11.24441
9.0.1.033

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler.Kazy.132995
8.16.02.02.07

ESET NOD32
MSIL/Solimba.AH potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Riskware/Morstars
2/2/2016

F-Prot
W32/A-a2151e6a
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2016-02-02_3

G Data
Gen:Variant.Application.Bundler.Kazy.132995
16.2.24

IKARUS anti.virus
AdWare.BundleApp
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.183.13333

Kaspersky
not-a-virus:Downloader.Win32.Morstar
14.0.0.721

Malwarebytes
.PUP.Optional.Solimba
v2016.02.02.07

McAfee
Artemis!C0143A5AC630
5600.6501

MicroWorld eScan
Gen:Variant.Application.Bundler.Kazy.132995
17.0.0.99

NANO AntiVirus
Trojan.Win32.Morstar.delxop
0.28.2.61942

Norman
Gen:Variant.Application.Bundler.25
11.20160202

Panda Antivirus
Trj/Genetic.gen
16.02.02.07

Quick Heal
Adware.Firseria.A5
2.16.14.00

Reason Heuristics
PUP.Solimba.PopelerSystemsl.Bundler (M)
16.2.2.19

Rising Antivirus
PE:AdWare.Win32.Kazy.a!1075356764
23.00.65.16131

Sophos
Solimba Installer
4.98

SUPERAntiSpyware
PUP.Morstar/Variant
9347

Total Defense
Win32/Solimba.cZWUEbB
37.1.62.1

Trend Micro House Call
TROJ_GEN.R0C1C0EAD15
7.2.33

Trend Micro
TROJ_GEN.R0C1C0EAD15
10.465.02

Vba32 AntiVirus
Downware.Morstar
3.12.26.3

VIPRE Antivirus
Threat.4782980
32938

Zillya! Antivirus
Downloader.Morstar.Win32.62
2.0.0.1923

File size:
511.6 KB (523,840 bytes)

Product version:
3.1.22

Copyright:
copyright © 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/28/2014 6:07:42 PM

Valid to:
7/28/2016 6:07:42 PM

Subject:
CN=Popeler System sl, O=Popeler System sl, L=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211594C14279DEF101FBACE6D408D1C14E

File PE Metadata
Compilation timestamp:
9/5/2014 12:28:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:Q1MbIpRtJTI6Kl8jBt1RMYn0IXQhQaCb/tDz1FcH6w:Q1MbuJTLjBt/fjkLCrd1iaw

Entry address:
0xDFDC

Entry point:
E8, AE, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C8, 6D, 42, 00, E8, FE, 15, 00, 00, E8, 7F, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 41, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0A, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Entropy:
7.6835

Code size:
114 KB (116,736 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security