home

facebook.exe

Smart Secure Software S.l.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application facebook.exe by Smart Secure Software S.l has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It is also typically executed from the user's temporary directory.
Publisher:
Smart Secure Software S.l.  (signed and verified)

MD5:
89006d325883b84fcecdf27b4dcb630a

SHA-1:
ebf92bdd8a71d06e6ab97d8dff73f556d3705d92

SHA-256:
47d2d58dfa0344d76fecf85bb74c0a77bfe236e5d56b3cfccc9ca10f3d7b6ca5

Scanner detections:
19 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 2:28:20 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Graftor.182456
5621779

AhnLab V3 Security
Win-PUP/DomaIQ.Gen
2015.06.02

Avira AntiVirus
PUA/Softpulse.Gen4
8.3.1.6

AVG
SoftPulse
2016.0.3091

Bitdefender
Gen:Variant.Application.Graftor.182456
1.0.20.765

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Domaiq.175
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Graftor.182456
10.0.0.5366

ESET NOD32
Win32/SoftPulse.AG potentially unwanted application
7.0.302.0

F-Secure
Riskware.Gen:Variant.Application.Graftor
5.14.151

G Data
Gen:Variant.Application.Graftor.182456
15.6.25

K7 AntiVirus
Unwanted-Program
13.204.16103

MicroWorld eScan
Gen:Variant.Application.Graftor.182456
16.0.0.459

Norman
Gen:Variant.Application.Graftor.182456
03.12.2014 13:20:04

Quick Heal
PUA.Smartsecur2.Gen
6.15.14.00

Reason Heuristics
PUP.Softpulse.Bundler
15.6.2.4

Sophos
PUA 'SoftPulse' (of type Adware)
5.14

Vba32 AntiVirus
Signed-Adware.Softpulse
3.12.26.4

VIPRE Antivirus
Threat.4783235
40552

File size:
566.8 KB (580,448 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\appdata\local\temp\facebook.exe

Digital Signature
Signed by:
Smart Secure Software S.l.

Authority:
VeriSign, Inc.

Valid from:
11/27/2014 10:00:00 PM

Valid to:
11/28/2015 9:59:59 PM

Subject:
CN=Smart Secure Software S.l., O=Smart Secure Software S.l., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
04AFEF8DECA6D536221E5C8647DC65FF

File PE Metadata
Compilation timestamp:
6/1/2015 11:37:45 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:w9CYh4DPlf3e42zj7OP/cIilnAT6s9OoX3JqkCPlkHQF0H5xA3txBwtxlHS:JMO24jcIQnAOs9bXZHQFyzgtbwA

Entry address:
0x1000

Entry point:
B8, D4, CC, 5C, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 0A, 54, E6, 2B, 19, 27, 7C, 0A, C0, 66, 4E, 8A, 35, 05, 5F, 48, EB, D8, 87, 74, 62, 2E, 07, AB, CF, 46, 98, F9, A7, E7, 81, 57, BC, 6D, E1, D2, 86, 21, D4, 5D, 2E, 66, EB, 05, C6, D0, 83, B7, DE, 83, 1B, 00, 5E, 20, 6C, 2F, F8, F2, C7, CC, 94, 16, 19, 51, 80, A8, 99, 9D, 12, C2, 8D, A5, EE, E3, 84, EE, 5B, C8, 8B, C8, 7A, 85, 71, 93, 9F, 23, 63, 01, 7B, F5, 38, B8, C3...
 
[+]

Packer / compiler:
PECompact v2

Code size:
1.2 MB (1,242,112 bytes)

Remove facebook.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.