SuiteService.exe

Solvusoft Suite

Installer Wizard

The application SuiteService.exe, “Solvusoft Suite Service” by Installer Wizard, has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows service named “Solvusoft Suite Service”, in the context of its own process. While running, it connects to the Internet address web40.cluster.spamfighter.com on port 80 using the HTTP protocol.
Publisher:
Solvusoft Corporation  (signed by Installer Wizard)

Product:
Solvusoft Suite

Description:
Solvusoft Suite Service

Version:
3.1.293.0

MD5:
04ae955ed959b0f90c7edee17aea0f76

SHA-1:
75d20389583ebad2a003f5fd6b83801118c0f167

SHA-256:
98a1568b059023c92213d395598b0e8785a1dadf09db243885dd3f3b3207ab59

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:00:06 AM UTC

Scan engine | Detection | Engine version
Dr.Web | riskware program Program.Unwanted.840 | 9.0.1.05190
Reason Heuristics | PUP.Solvusoft.Installer (L) | 17.2.28.3

File size:
1.2 MB (1,284,168 bytes)

Product version:
3.1.293.0

Copyright:
Copyright (C) 2003, 2009 Solvusoft Corporation

Original file name:
SuiteService.exe

File type:
Executable application (Win32 EXE)

Language:
Ukrainian (Ukraine)

Common path:
C:\Program Files\solvusoft\suiteservice.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/26/2013 7:00:00 PM

Valid to:
8/26/2016 6:59:59 PM

Subject:
CN=Installer Wizard, O=Installer Wizard, STREET=848 N. Rainbow Blvd., STREET="#3321", L=Las Vegas, S=NV, PostalCode=89107, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00936840633163DBE99483CEE1F9B95E45

File PE Metadata
Compilation timestamp:
11/13/2015 11:42:15 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:5k5PJF2gTlEemz+N0ZZVfhnxNJ97pXlTRvNLZH1SUjwXqMF/IpcN:KGem40HppxNJ97pXlTRvNLZH1SU8HF//

Entry address:
0x95EF7

Entry point:
E8, 54, DA, 00, 00, E9, A5, FE, FF, FF, 6A, 0C, 68, 08, 3D, 4F, 00, E8, B7, 07, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, B8, 79, 52, 00, 77, 22, 6A, 04, E8, 11, 96, 00, 00, 59, 83, 65, FC, 00, 56, E8, 18, 9E, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, C3, 07, 00, 00, C3, 6A, 04, E8, 0C, 95, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 0C, A2, 4D, 00, 83, 3D, 0C, 6B, 52, 00, 00, 75, 18, E8, A8, B4, 00...
Entropy:
6.4858

Code size:
864.5 KB (885,248 bytes)

Service
Display name:
Solvusoft Suite Service

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to web40.cluster.spamfighter.com  (91.192.52.195:80)

TCP (HTTP):
Connects to web30.cluster.spamfighter.com  (91.192.52.205:80)

TCP (HTTP):
Connects to intern2.spamfighter.com  (193.9.159.233:80)

TCP (HTTP):
Connects to web20.cluster.spamfighter.com  (91.192.52.198:80)
