» screensaverremovaltool.exe
Overview
Analysis
File Details
Programs (3)

screensaverremovaltool.exe

Security Stronghold LLC

The application screensaverremovaltool.exe by Security Stronghold has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including Mobogenie Removal Tool by Security Stronghold and Bubble Dock Removal Tool by Security Stronghold, both potentially unwanted software.

File name:

Publisher:

Security Stronghold (signed by Security Stronghold LLC)

Version:

1.0.0.100

MD5:

e831bd519969d21a2339801250121631

SHA-1:

f57096b321a0a6ef6a9d8af6e580233d075a188e

SHA-256:

a0b22aed4878d8dc452be06ae6085f76bc4ab76d4c51c19af92746834f9430e5

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/24/2024 12:18:07 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Win32.Generic

16.7.10.15

File size:

5.2 MB (5,421,008 bytes)

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\screen saver removal tool\screensaverremovaltool.exe

Digital Signature

Signed by:

Security Stronghold LLC

Authority:

GlobalSign nv-sa

Valid from:

10/14/2013 11:55:31 PM

Valid to:

12/11/2014 5:49:56 PM

Subject:

E=manager@securitystronghold.com, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121ACD1A0DCFFA94069288588DCC5FFCF18

File PE Metadata

Compilation timestamp:

12/12/2013 7:25:39 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:I5DqyUgpRKSbGR9HKDUBbYjfwONHc7YmB530mTUhCPI+QCTUBL2pcKATSddxRsM6:I5DF/U5Y3NHm530mT4CPI+QpscKAc6

Entry address:

0x3DCDA0

Entry point:

55, 8B, EC, B9, 0A, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, B8, 4C, B5, 7C, 00, E8, F4, F0, C2, FF, 8B, 35, 3C, A9, 83, 00, 33, C0, 55, 68, B6, CF, 7D, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E4, 33, C0, E8, F2, 7D, C2, FF, 8B, 45, E4, 8D, 55, E8, E8, 3B, 6C, C4, FF, 8B, 45, E8, 8D, 4D, EC, 33, D2, E8, 3A, 6A, C4, FF, 8B, 55, EC, 8B, C6, E8, 08, B0, C2, FF, BB, 02, 00, 00, 00, 8D, 45, DC, 8B, 16, 0F, B7, 54, 5A, FC, E8, D8, BA, C2, FF, 8B, 45, DC, 8D, 55, E0, E8, 79, 4C, C4, FF, 8B, 45, E0, 50, 8D... 
[+]

Entropy:

6.6174

Developed / compiled with:

Microsoft Visual C++

Code size:

3.9 MB (4,047,360 bytes)

The file screensaverremovaltool.exe has been discovered within the following programs.

Bubble Dock Removal Tool by Security Stronghold

Distributes a version of SpyHunter by Enigma Software Group with various offers.

www.SecurityStronghold.com

75% remove it

Lucky Leap Removal Tool by Security Stronghold

Lucky Leap Removal Tool is designed to remove the adware from the user PC however it also bundles various applications including the Pro registry cleaner which will download utilities from its server and scan the user's PC.

56% remove it

Mobogenie Removal Tool by Security Stronghold

Publisher's description - “Mobogenie copies its file(s) to your hard disk. Its typical file name is Mobogenie.exe. Then it creates new startup key with name Mobogenie and value Mobogenie.exe. You can also find it in your processes list with name Mobogenie.exe or Mobogenie.”

73% remove it

Remove screensaverremovaltool.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.