exa check.exe

volens eloquentia XLII-II

trepide

The application exa check.exe (“fulgeo mansuetus cometes”) has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a setup program used to install the application, and it uses the Solimba download manager to push adware offers during the download and setup process. The bundled adware includes search and shopping toolbars for web browsers. The file has been seen being downloaded from sunkfile.com.
Publisher:
trepide

Product:
volens eloquentia XLII-II

Description:
fulgeo mansuetus cometes

Version:
0.91.17.25

MD5:
c530e768db8e0a37731b6f3d2909bc94

SHA-1:
9b957a20b27634ae5f8943649e60b5162b34e7aa

SHA-256:
692e1076ff39484850eb5d08594f9edb185b8f22631f51e331b6e59fb7a86422

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
11/24/2024 11:08:46 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | MSIL:Solimba-Z [PUP] | 160326-0 |
| Dr.Web | Adware.Downware.8808 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.Morstar.L | 11.5.0.6191 |
| ESET NOD32 | MSIL/Solimba.AH potentially unwanted application | 8.0.319.0 |
| F-Secure | Riskware.Application.Bundler.Morstar | 5.15.96 |
| Kaspersky | not-a-virus:Downloader.Win32.Morstar | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.219.530.0 |
| Norman | Application.Bundler.Morstar.L | 10.04.2016 15:29:17 |

File size:
523.2 KB (535,807 bytes)

Product version:
24.15.34.38

Copyright:
Copyright specto

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\exa check.exe

File PE Metadata
Compilation timestamp:
10/14/2014 10:27:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:xTySyXMWfPTuNnB2WfFZ9dQ+rHhl4ZDdlxipv1snRotIS:xTySy9PTUnhfU2Hhl4DdlIcRotIS

Entry address:
0xDEDC

Entry point:
E8, AE, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, D8, 6F, 42, 00, E8, FE, 15, 00, 00, E8, 7F, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 41, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0A, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Code size:
113.5 KB (116,224 bytes)

The file exa check.exe has been seen being distributed by the following URL.
