Reason Labs

adobe photoshop cs2.exe

Adobe Photoshop CS2

Apps Installer S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application adobe photoshop cs2.exe, “Adobe Photoshop CS2 installer” by Apps Installer S.L., has been detected as PUP.Solimba. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.

Publisher:
Apps Installer S.L.  (signed and verified)

Product:
Adobe Photoshop CS2

Description:
Adobe Photoshop CS2 installer

Version:
1.0.5.0

MD5:
4e169634ae8ca5bd316a7cdda8341512

SHA-1:
a19e2fcad477045d426315cc175dbf7504c57bee

SHA-256:
8ca555c647689fac5a687b3fdb0a9cf84a67b0272581ad20bee3f45ec74f48b3

Detection:
PUP.Solimba

Risk:
Medium

Explanation:
This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
10/19/2018 3:22:32 AM UTC

File size:
428.2 KB (438,448 bytes)

Copyright:
AppInstaller 2013 (131760144)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/19/2013 7:00:00 AM

Valid to:
2/20/2015 6:59:59 AM

Subject:
CN=Apps Installer S.L., O=Apps Installer S.L., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
323F44D66AEF890F43C32CFD743A4AD0

File PE Metadata
Compilation timestamp:
2/19/2012 10:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...

Entropy:
7.8780  (probably packed)

Characteristics:
0x783

Code size:
34.5 KB (35,328 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cdn.solimba.com  (95.211.6.35:80)

TCP (HTTP):
Connects to api.downloadmr.com  (95.211.39.161:80)

 
http://api.downloadmr.com/installer/1905276372/launch

adobe photoshop cs2.exe is installed together with the following files.

Clean
coccoc_vi.exe  2.5.15.25  (518c38d5a964953b2ac886534217d14eba488314)

Clean
idman612.exe  6, 12, 23, 1  (bd97e694d65574c6c5a43d307441e09e921c2918)

PUP.BandooMedia.Optional.Installer
ilividsetup-r400-n-bc.exe  4.0.0.3451  (8ae6af24a0e6b3005af09a136674fe195191dcf9)

Clean
lingoes_2.8.1.exe  Lingoes 2.8.1   (699f6845b09578acb1c9edb8d7a47552a83852de)

PUP.Solimba
ultrasurf.exe  2.2.45.0  (e85d8d1b32705116a91a4bf490fdf3edc93813e2)

Clean
unikey-4.0rc2-1101-setup.exe  (b631c80eeec701d2bd72261061b5eddb01794abe)

Clean
wrar540.exe  (211a19ca4ec3c7562c9844fe6c42e66a521b8bd4)

Adware.Tightrope
vlcmediaplayer-setup.exe  (5b5ccf4d9e248fc82ec8e6b5210f0282207c3caa)

PUP.AppsInstallerSL.Installer
slide_powerpoint_dep_cho_thuyet_trinh_dsetup.exe  (f8eba52c5c5888eaa70fdeb83c474af6a49293d2)

PUP.AppsInstallerSL.Installer
connectify_hotspot_dsetup.exe  (47f600def658b694c83f7b20620a2653c78935a9)

PUP.AppsInstallerSL.Installer
herdprotect_dsetup.exe  (90580c0a0b014764e580148536de8a111cfece06)

PUP.AppsInstallerSL.Installer
irfanview.exe  (7c327846729556cc3accbc8fe92983af50ee4b6d)

Adware.Solimba.Installer
4e9422ac-75a8-4a0f-9b5b-46785bc06f2f.exe  (c8dde3edd067632ba3a5810c6bd668463a274187)

PUP.AppsInstallerSL.Installer
install.exe  (abac787a699e965a866c596360a3cea6be7f65fc)

PUP.AppsInstallerSL.Installer
google chrome.exe  (9d75d15b37bd2fea429bd0ffee5d9a156773dcbb)

PUP.AppsInstallerSL.Installer
windows live mail.exe  (1f642aa2f3c3ed3d90551f8f4ad57d61edfd2bd9)

PUP.AppsInstallerSL.Installer
6_offer_3.exe  (93c830ab78527790d485a2624cf9f7d50531ca18)

PUP.AppsInstallerSL.Installer
exact audio copy.exe  (c2db0197d129830b48ba82945707c6caa1837776)

PUP.AppsInstallerSL.Installer
imgburn.exe  (a5d268933ef631c8d10dc23afee8dfea153aba2f)

PUP.AppsInstallerSL.Installer
cpu-z.exe  (cc35be1d23104badd3c20e8b2d21d9c90e667373)

PUP.AppsInstallerSL.Installer
519ccf03-7d58-4734-a488-45e35bc06f2f.exe  (cc451d9d4594c76717b69df84b14f4fce512503a)

PUP.AppsInstallerSL.Installer
print artist platinum.exe  (f8369c45531e9259587f09082f45d46f0e1404dc)

PUP.AppsInstallerSL
apps.exe  (550638403db9ff190859de5e91974d6dea15c1a3)

PUP.AppsInstallerSL.Installer
watch_ufc_160_online.exe  (3d96adbd3ebaf254b72372e5dc41530fccb6e1b7)
