se.exe

AVSoftware EOOD

The software installer uses the StartInstall.com download manager, which bundles additional adware offers (toolbars and utilities such as the SafeSearch toolbar) during setup. The application se.exe by AVSoftware EOOD has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a scheduled task named SSUpdate under the Windows Task Scheduler, triggered daily at a specified time. This file is typically installed with the program MapsEasy by AVSoftware Ltd.
Publisher:
AVSoftware EOOD  (signed and verified)

MD5:
13d9f3e55c416224a157b6bc027807ea

SHA-1:
5e509f9539374fc7c96f160822dac34622964775

SHA-256:
19b3836dcd9aaced61907bfdbb6697fac46561a2d9def5cad5f1ed32f10bfc0f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/23/2024 10:15:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.AVSoftware EOOD.AVSoftwareEOOD (M)

Engine version:
15.12.31.19

File size:
324.5 KB (332,248 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\mapseasy\se.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
12/30/2015 7:00:00 PM

Valid to:
6/3/2016 7:59:59 PM

Subject:
CN=AVSoftware EOOD, O=AVSoftware EOOD, L=Sofia, S=Sofia, C=BG

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
57ABCD2BCF9FD1CFD5A1BABF2579820E

File PE Metadata
Compilation timestamp:
12/5/2014 4:06:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:HGyDLK6643ixcixm4fwtY8zELRUkpdA888888888888W888888888886:mYK664afxpw68ALLpW888888888888WD

Entry address:
0x3D794

Entry point:
55, 8B, EC, 83, C4, E0, 53, 56, 57, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, E8, 89, 45, EC, B8, 0C, AB, 43, 00, E8, 97, C4, FC, FF, 33, C0, 55, 68, 78, D9, 43, 00, 64, FF, 30, 64, 89, 20, B2, 01, A1, 98, 3C, 42, 00, E8, BD, 04, FF, FF, 8B, D8, 66, BA, 3D, 00, 8B, C3, E8, E8, FC, FE, FF, B2, 01, 8B, C3, E8, 4B, FD, FE, FF, BA, BC, 4F, 44, 00, 33, C0, E8, 43, 6D, FC, FF, E8, DE, 6C, FC, FF, 8B, F0, 85, F6, 0F, 8E, 5D, 01, 00, 00, C7, 05, B0, 4F, 44, 00, 01, 00, 00, 00, 8D, 55, EC, A1, B0, 4F, 44, 00, E8, 1D...
 

Entropy:
6.4731

Developed / compiled with:
Microsoft Visual C++

Code size:
242.5 KB (248,320 bytes)

Scheduled Task
Task name:
SSUpdate

Trigger:
Daily (Runs daily at 2:34 PM)


The file se.exe has been discovered within the following program.

MapsEasy  by AVSoftware Ltd.
www.avsoftware.org
About 9% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-202-252.dfw50.r.cloudfront.net  (52.85.202.252:80)

TCP (HTTP):
Connects to server-54-192-7-203.dfw3.r.cloudfront.net  (54.192.7.203:80)

TCP (HTTP):
Connects to server-54-192-48-92.jfk5.r.cloudfront.net  (54.192.48.92:80)
