rootlucdrak.zip.exe

Propusan Expansion s.l.

The application rootlucdrak.zip.exe by Propusan Expansion s.l. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application, and it uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from solimba.files-download-149.com.
Publisher:
Propusan Expansion s.l.  (signed and verified)

MD5:
1fae35c626892a25a7f42958d4d5ab71

SHA-1:
5f213f4eadb70a89fc406eda99402dbd2a41150a

SHA-256:
23465391df978ccaf64dc1f6e476cb4e346c6eddfc9d2659583532fc488d1b37

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
11/27/2024 5:36:14 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Solimba (M)

Engine version:
16.12.5.11

File size:
522.1 KB (534,600 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rootlucdrak.zip.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/18/2014 8:37:22 AM

Valid to:
12/18/2016 8:37:22 AM

Subject:
CN=Propusan Expansion s.l., O=Propusan Expansion s.l., L=Badalona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112173CDF53299BEB67263874E91B73F31B9

File PE Metadata
Compilation timestamp:
2/5/2015 3:09:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:IizFwL/mXO3JADVXfObH4FpBvbNWMOT5s1btcbDD4XjAcdiXyKD1AQfDNopqCl+D:IizFQuXOCDVfgABvBWAtq0uD1AcsYB

Entry address:
0xB92C

Entry point:
E8, 57, 4D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A0, 09, 42, 00, E8, 3E, 15, 00, 00, E8, 28, 4F, 00, 00, 0F, B7, F0, 6A, 02, E8, EA, 4C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 85, 42, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.6937

Code size:
96 KB (98,304 bytes)

The file rootlucdrak.zip.exe has been seen being distributed by the following URL.

http://solimba.files-download-149.com/misc/.../?src=rmd&file=rootlucdrak.zip
