toomanyitems1.7.9.exe

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application toomanyitems1.7.9.exe by Apps Installer S.L. has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from softlicious.info. While running, it connects to the Internet address cdn.solimba.com on port 80 using the HTTP protocol.
Publisher:
App.install  (signed by Apps Installer S.L.)

Description:
setup.manager

Version:
3.1.12.5

MD5:
2835574850ee972507de863a53d6cb18

SHA-1:
b3ea6533c2f6e92521b849434fcc854cdcdf0a14

SHA-256:
5489e945b96a7b62b2ef1c9be13f03425af3f62baaeec0d19e3085786b0cd5ec

Scanner detections:
32 / 68

Status:
Adware

Explanation:
This is a wrapped installation of legitimate software (without permission of the developer) that bundles adware such as toolbars and extensions.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/16/2024 9:35:45 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.M | 908 |
| Agnitum Outpost | Trojan.MulDrop | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.FirseriaInstaller | 2014.08.05 |
| Avira AntiVirus | APPL/FirseriaI.A | 7.11.153.178 |
| avast! | Win32:Solimba-C [PUP] | 2014.9-140811 |
| AVG | BundleApp | 2015.0.3386 |
| Baidu Antivirus | Adware.Win32.Fiseria | 4.0.3.14811 |
| Bitdefender | Application.Bundler.M | 1.0.20.1115 |
| Clam AntiVirus | Win.Trojan.Application-478 | 0.98/21411 |
| Comodo Security | Application.Win32.Firseria.K | 18458 |
| Dr.Web | Trojan.MulDrop5.32888 | 9.0.1.0223 |
| ESET NOD32 | Win32/FirseriaInstaller (variant) | 8.9907 |
| Fortinet FortiGate | Riskware/FirseriaInstaller | 8/11/2014 |
| F-Prot | W32/A-96118aad | v6.4.7.1.166 |
| F-Secure | Application.Bundler.M | 11.2014-11-08_2 |
| G Data | Application.Bundler | 14.8.24 |
| herdProtect (fuzzy) | | 2014.10.16.23 |
| IKARUS anti.virus | PUA.Morstar | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.1712333 |
| Kaspersky | not-a-virus:AdWare.Win32.Fiseria | 14.0.0.3423 |
| Malwarebytes | PUP.Optional.AppsInstaller | v2014.08.11.10 |
| McAfee | Artemis!D5103E38C18A | 5600.7042 |
| MicroWorld eScan | Application.Bundler.M | 15.0.0.669 |
| NANO AntiVirus | Riskware.Win32.Fiseria.dakwhg | 0.28.2.61148 |
| Panda Antivirus | Adware/Solimba | 14.08.11.10 |
| Qihoo 360 Security | Win32/Application.063 | 1.0.0.1015 |
| Quick Heal | AdWare.Fiseria.r5 (Not a Virus) | 8.14.14.00 |
| Reason Heuristics | PUP.Installer.AppsInstallerSL.P | 14.8.11.10 |
| Sophos | Solimba Installer | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0607 | 7.2.223 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.0 |
| VIPRE Antivirus | DownloadMR | 30028 |

File size:
497.5 KB (509,416 bytes)

Product version:
3.1.15

Copyright:
copyright © 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\toomanyitems1.7.9.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/19/2013 2:00:00 AM

Valid to:
2/20/2015 1:59:59 AM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
6/3/2014 1:18:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:FYYZr6ypt7xGspjYu+Uhx63UXBQddduJDOxeU:FYcr6y/xxsg9BND0eU

Entry address:
0xE05C

Entry point:
E8, 7A, 79, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 38, E4, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, F8, E0, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 54, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
 

Code size:
113.5 KB (116,224 bytes)

The file toomanyitems1.7.9.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/26452470/launch
