sxeinjected.exe

POPELER SYSTEM, S.L.

The setup program uses the Firseria/Solimba AppInstaller (DownloadMR) which is a monetization download manager that bundles additional adware offers, typically by wrapping legitimate applications. The application sxeinjected.exe by POPELER SYSTEM, S.L has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.
Publisher:
POPELER SYSTEM, S.L.  (signed and verified)

MD5:
7f0bdee04d78b2c51f0a80c0a1bf3d8a

SHA-1:
7e1846c5b3668bd2b9c336682026df3a3567a42d

SHA-256:
90a6aceb01e453c3f715aa5b1a3ebbf9a9379b4c475c72d097f250d3434797bd

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 12:43:08 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Solimba (M)
17.3.16.0

File size:
512.6 KB (524,856 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Common path:
C:\users\{user}\downloads\sxeinjected.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/24/2014 9:00:00 PM

Valid to:
8/28/2016 8:59:59 PM

Subject:
CN="POPELER SYSTEM, S.L.", OU=IT, O="POPELER SYSTEM, S.L.", L=Badalona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7D4509F01375B349F2DE66BF15A48CD7

File PE Metadata
Compilation timestamp:
3/28/2015 4:34:49 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xC1DC

Entry point:
E8, 5B, 4D, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A8, 1A, 42, 00, E8, 3E, 15, 00, 00, E8, 2C, 4F, 00, 00, 0F, B7, F0, 6A, 02, E8, EE, 4C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 89, 42, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
98 KB (100,352 bytes)

Remove sxeinjected.exe - Powered by Reason Core Security