» fakealerttrojanremovaltool.exe
Overview
Analysis
File Details
Programs (2)

fakealerttrojanremovaltool.exe

Security Stronghold LLC

The application fakealerttrojanremovaltool.exe by Security Stronghold has been detected as a potentially unwanted program by 2 anti-malware scanners. Additionally, the file is typically installed by a number of programs including DNSChanger Trojan Removal Tool by Security Stronghold and Wild Tangent Removal Tool by Security Stronghold, both potentially unwanted software.

File name:

Publisher:

Security Stronghold LLC (signed and verified)

Version:

1.0.0.0

MD5:

b26ffa3f43176b9be2de383a54e15735

SHA-1:

77f39f3d472437cf0ecf996b20262c7d5cf72a93

SHA-256:

29620ff99823fb3d5fd2406de360df05ff5d05882413ebc6a805d84c916356f8

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/20/2024 12:31:02 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/SecurityStronghold (variant)

8.6865

Reason Heuristics

PUP.Optional.SecurityStronghold.AA

14.5.30.19

File size:

4.6 MB (4,846,520 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\fake alert trojan removal tool\fakealerttrojanremovaltool.exe

Digital Signature

Signed by:

Security Stronghold LLC

Authority:

GlobalSign nv-sa

Valid from:

10/10/2011 6:49:57 AM

Valid to:

10/10/2012 6:49:57 AM

Subject:

E=manager@securitystronghold.com, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, S=Astrakhan region, C=RU

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112178C42A18008AB27616B3F5140692C337

File PE Metadata

Compilation timestamp:

1/31/2012 8:35:19 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:cuMHWmvT12SvQy+/HtV+XBb9b1yUDrAD48EfAofj1uotSKTTjT4tJW9yOG4ddxWg:P1V4BsA8DaAofj1uoYE8tJWwOO+

Entry address:

0x394BA4

Entry point:

55, 8B, EC, B9, 0A, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, B8, 7C, 56, 78, 00, E8, 1C, 73, C7, FF, 8B, 35, 44, 9A, 7C, 00, 33, C0, 55, 68, BA, 4D, 79, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E4, 33, C0, E8, 8E, FF, C6, FF, 8B, 45, E4, 8D, 55, E8, E8, A7, EB, C8, FF, 8B, 45, E8, 8D, 4D, EC, 33, D2, E8, A6, E9, C8, FF, 8B, 55, EC, 8B, C6, E8, F8, 30, C7, FF, BB, 02, 00, 00, 00, 8D, 45, DC, 8B, 16, 0F, B7, 54, 5A, FC, E8, 38, 3C, C7, FF, 8B, 45, DC, 8D, 55, E0, E8, 09, CC, C8, FF, 8B, 45, E0, 50, 8D... 
[+]

Entropy:

6.6585

Developed / compiled with:

Microsoft Visual C++

Code size:

3.6 MB (3,751,936 bytes)

The file fakealerttrojanremovaltool.exe has been discovered within the following programs.

DNSChanger Trojan Removal Tool by Security Stronghold

Distributes a version of SpyHunter by Enigma Software Group with various offers.

www.SecurityStronghold.com

66% remove it

Wild Tangent Removal Tool by Security Stronghold

Publisher's description - “WildTangent is filtrate your computer when user unknowingly install the product when they install something else. After gathering this data, the WildTangent then passs that data to another machine, usually for commersializing targets.”

www.securitystronghold.com/gates/wildtangent.html

66% remove it

Remove fakealerttrojanremovaltool.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.