fullscreen photo viewer.exe

patiens ergo LII-II

serius quapropter mundus

The application fullscreen photo viewer.exe, “lentitudo dulcedo pello”, has been detected as a potentially unwanted program by 23 anti-malware scanners. It uses the Solimba download manager to push adware offers during the download and setup process. The bundled adware includes search and shopping toolbars for web browsers.
Publisher:
serius quapropter mundus

Product:
patiens ergo LII-II

Description:
lentitudo dulcedo pello

Version:
14.18.95.52

MD5:
a265ddc667793a3fae450f154399fe11

SHA-1:
fe1c4d62165f310d96035963e251c482f4af8053

SHA-256:
21bfda2d85b91b75157746ba06c75167e67a9bc7943bdd418c1f1188a42a008b

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/27/2024 1:29:57 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.12036731 | 828 |
| AegisLab AV Signature | AdWare.MSIL.DomaIQ | 2.1.4+ |
| Avira AntiVirus | APPL/Firseria.Gen8 | 7.11.181.132 |
| avast! | Win32:Malware-gen | 141025-0 |
| AVG | Win.Threat.Medium | 2014.0.4189 |
| Bitdefender | Trojan.Generic.12036731 | 1.0.20.1515 |
| Comodo Security | Application.Win32.Solimba.LSW | 19912 |
| Dr.Web | Adware.Downware.8808 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Kazy.132995 | 8.14.10.30.10 |
| ESET NOD32 | MSIL/Solimba.AH potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Morstars | 10/30/2014 |
| F-Prot | W32/A-a1e0d357 | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.12036731 | 11.2014-30-10_5 |
| G Data | Trojan.Generic.12036731 | 14.10.24 |
| K7 AntiVirus | Unwanted-Program | 13.185.13805 |
| Malwarebytes | PUP.Optional.Solimba | v2014.10.30.10 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Kazy.132995 | 15.0.0.909 |
| NANO AntiVirus | Riskware.Win32.Downware.dhcnhs | 0.28.6.62995 |
| nProtect | Trojan.Generic.12036731 | 14.10.30.01 |
| Quick Heal | Adware.Firseria.A5 | 10.14.14.00 |
| Sophos | Solimba Installer | 4.98 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |
| VIPRE Antivirus | Threat.4782980 | 34232 |

File size:
536.3 KB (549,120 bytes)

Product version:
48.98.23.35

Copyright:
spero adamo spero

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\fullscreen%20photo%20viewer.exe

File PE Metadata
Compilation timestamp:
10/24/2014 2:35:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:Uv5l9oWU/FpTem4/4QNCIJEj0L9QwBEgcc98wj5ggokeeo:UvC3pT1HZGm0qgcbwtggoke

Entry address:
0xDE2C

Entry point:
E8, A3, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, 70, 42, 00, E8, FE, 15, 00, 00, E8, 74, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 36, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, FF, 64, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Entropy:
7.7092  (probably packed)

Code size:
113.5 KB (116,224 bytes)
