microsoft security essentials.exe

XXXVII-I iubeo

Condestil Developments, s.l.

This file belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application microsoft security essentials.exe, “exsequor singularis levis doctor” by Condestil Developments, s.l., has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
consto quemadmodum tunc recedo  (signed by Condestil Developments, s.l.)

Product:
XXXVII-I iubeo

Description:
exsequor singularis levis doctor

Version:
24.5.97.88

MD5:
1b5beb02a0ae11e803a663f1ac0c0469

SHA-1:
bbd29fd08a65a23d4204ef587a5a8026f24b9012

SHA-256:
83d712ca0b3b6dbfe5e6e287f3c6451f458a52a3c63593a535032ae4ea71259b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/28/2024 8:38:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Solimba (M)

Engine version:
16.7.27.18

File size:
538.8 KB (551,696 bytes)

Product version:
67.73.43.30

Copyright:
Copyright 2014 pignus

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\microsoft security essentials.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2014 1:00:00 AM

Valid to:
7/25/2017 12:59:59 AM

Subject:
CN="Condestil Developments, s.l.", O="Condestil Developments, s.l.", L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1D3748575F923798E7549D60FC6C4D50

File PE Metadata
Compilation timestamp:
10/10/2014 3:15:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:Q8FeFYo4ncbn1oeiTMMNUi3bFhAAmaT8vPwh7JgfXTQMQdtXeNic:Q8F6Yo4ncbbiTLHBhAkss7JYXTePG

Entry address:
0xDE9C

Entry point:
E8, A5, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 28, 6E, 42, 00, E8, FE, 15, 00, 00, E8, 76, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 38, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 01, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Packer / compiler:
PEQuake V0.06

Code size:
113.5 KB (116,224 bytes)

The file microsoft security essentials.exe has been seen being distributed by the following URL.
