Software Removal Tool.exe

5177_cmi_istartpageing

Minidigital Technology Co., Limited

The file Software Removal Tool.exe ("Software Removal Tool" by Minidigital Technology Co., Limited) has been detected as adware by 10 anti-malware scanners. It is typically executed from the user's temporary directory. The file has been seen being downloaded from d2drfrdurj6mvo.cloudfront.net.

Publisher:
Software Removal Tool  (signed by Minidigital Technology Co., Limited)

Product:
5177_cmi_istartpageing

Description:
Software Removal Tool

Version:
7.0.1.15

MD5:
2ae9063e5c859c2d4af5a0d38b2ab385

SHA-1:
af899b283f9e322f60ff3cb970513606151b7470

SHA-256:
31cced9d02eb972f1a123b8e595888780f579044b84e8f9e48ce802a60673069

Scanner detections:
10 / 68

Status:
Adware

Analysis date:
12/25/2024 7:01:45 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.151128 |
| Dr.Web | Adware.Mutabaha.704 | 9.0.1.0332 |
| ESET NOD32 | Win32/ELEX.EY potentially unwanted (variant) | 9.12617 |
| Fortinet FortiGate | Riskware/Elex | 11/28/2015 |
| IKARUS anti.virus | AdWare.Elex | t3scan.1.9.5.0 |
| K7 AntiVirus | Adware | 13.212.17959 |
| Microsoft Security Essentials | BrowserModifier:Win32/SupTab | 1.1.12300.0 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077 |
| Reason Heuristics | PUP.ELEX.MinidigitalTechnologyCo (M) | 15.11.28.14 |
| VIPRE Antivirus | Minidigital Technologies | 45400 |

File size:
224.7 KB (230,064 bytes)

Product version:
7.0.1.15

Copyright:
Software Removal Tool

Original file name:
Software Removal Tool.exe

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\local\temp\nsc8822.tmp

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/23/2015 3:30:34 PM

Valid to:
6/21/2016 3:25:40 PM

Subject:
CN="Minidigital Technology Co., Limited", O="Minidigital Technology Co., Limited", L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216F163B041BF3215B17DA4317DF317DA1

File PE Metadata
Compilation timestamp:
11/20/2015 8:59:43 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:gz+ChsszgDqaKF5804kjOhc0p6qBgZ9+68gixpS0ync:w+UDceze04ptM9l9tnc

Entry address:
0xE666

Entry point:
E8, EE, 81, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 54, FA, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, B0, A5, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 54, FA, 42, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 

Entropy:
5.5900

Code size:
120.5 KB (123,392 bytes)

The file Software Removal Tool.exe has been seen being distributed by the following URL.
