microsoft powerpoint viewer 2010.exe

promissio renuntio ferrum XXXVIII-I

Condestil Developments, s.l.

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application microsoft powerpoint viewer 2010.exe, “equus domina vesco” by Condestil Developments, s.l has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
Traiectensium  (signed by Condestil Developments, s.l.)

Product:
promissio renuntio ferrum XXXVIII-I

Description:
equus domina vesco

Version:
86.45.97.95

MD5:
c8e655887cb7a5c9899b15af62a026b4

SHA-1:
1a3be70c69c2c8c4c93c6306df202584295509de

SHA-256:
a98ce5d73fddf19add9397c577691c0658f66ddce6bbb61578dc3e65be24cf53

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 10:08:19 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solimba (M)
17.3.5.21

File size:
538.8 KB (551,696 bytes)

Product version:
66.40.10.93

Copyright:
scrinium tenus dexter aqua

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\microsoft powerpoint viewer 2010.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/24/2014 9:00:00 PM

Valid to:
7/24/2017 8:59:59 PM

Subject:
CN="Condestil Developments, s.l.", O="Condestil Developments, s.l.", L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1D3748575F923798E7549D60FC6C4D50

File PE Metadata
Compilation timestamp:
10/10/2014 8:12:41 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xDE9C

Entry point:
E8, A5, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, 6E, 42, 00, E8, FE, 15, 00, 00, E8, 76, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 38, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 01, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Packer / compiler:
PEQuake V0.06

Code size:
113.5 KB (116,224 bytes)

Remove microsoft powerpoint viewer 2010.exe - Powered by Reason Core Security