» SE.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (2)

SE.exe

SE

Eli Dahan

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application SE.exe by Eli Dahan has been detected as adware by 2 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘se’. This file is typically installed with the program SkypEmoticons by Daniel Hareuveni which is a potentially unwanted software program.

File name:

SE.exe

Publisher:

SkypEmoticons (signed by Eli Dahan)

Product:

Description:

SkypEmoticons

Version:

1.0.1.4

MD5:

165b96fdfdb68677da27f4716cf59d59

SHA-1:

9541955859d32d8f10138dcdfaa1eb303d7a5d76

SHA-256:

67025fee8690f0db5fb92d328965882a0b863689c9781c20000b35a0e2c30aa9

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

11/24/2024 12:20:45 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Adware-AYT [PUP]

2014.9-140403

Reason Heuristics

PUP.EliDahan.C

14.4.3.4

File size:

5.4 MB (5,679,008 bytes)

Product version:

1.0.1.4

Original file name:

SE.exe

File type:

Executable application (Win32 EXE)

Language:

Russian (Russia)

Common path:

C:\users\{user}\appdata\roaming\skypemoticons\se.exe

Digital Signature

Signed by:

Eli Dahan

Authority:

COMODO CA Limited

Valid from:

6/9/2013 9:00:00 PM

Valid to:

6/10/2014 8:59:59 PM

Subject:

CN=Eli Dahan, O=Eli Dahan, STREET=Halapid 3, L=Ramat Gan, S=Center, PostalCode=52573, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00864002C7281B93C1609931176B93A6AE

File PE Metadata

Compilation timestamp:

4/2/2014 7:32:09 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

98304:SePr/vYO3Jkjh+uwkJAZztP+aY+no064R1uG9mtnljN7rYZW1Gi16xc+cCgR5hHU:SO/gO3u4RkJA1d+X+S46RtnrPRagjhhm

Entry address:

0xCC1E70

Entry point:

60, BE, 00, 00, B7, 00, 8D, BE, 00, 10, 89, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA]

Code size:

5.3 MB (5,582,848 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Command:

"C:\users\{user}\appdata\roaming\skypemoticons\se.exe" \minimized

The file SE.exe has been discovered within the following program.

SkypEmoticons by Daniel Hareuveni

During installation the software bundles various potentially unwanted programs (InstallMate, SearchNewTab, StarApp) as well as modifies the use's web browser home and search pages to wisesearch.info.

skypemoticons.com

86% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to hosted-by.leaseweb.com (95.211.172.111:80)

TCP (HTTP):

Connects to euve246913.serverprofi24.com (62.75.142.165:80)

Remove SE.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.