loki vpn client.exe

Condestil· manager

Condestil·Installer_S.L.

The application loki vpn client.exe has been detected as adware by 32 anti-malware scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from dl01.facdmr.com.
Publisher:
Condestil·Installer_S.L.

Product:
Condestil· manager

Description:
Installer

Version:
3.1.24.3

MD5:
d18608b569e7baa2511fae6fd4bf2783

SHA-1:
3cfbf376eecea26983276a76cf5ab126444a5f4a

SHA-256:
55337b1858ebe693ff92da40a0f4c94130cc1c947cd4af2289e9841cb92fe959

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
4/26/2024 9:10:37 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.Morstar.A | 5621779 |
| AhnLab V3 Security | PUP/Win32.Firseria | 2015.06.02 |
| Avira AntiVirus | PUA/Firseria.glop | 8.3.1.6 |
| avast! | Win32:Solimba-Y [PUP] | 150525-2 |
| AVG | Adware BundleApp.HE | 2014.0.4311 |
| Bitdefender | Application.Bundler.Morstar.A | 1.0.20.760 |
| Clam AntiVirus | Win.Trojan.Application-558 | 0.98/20538 |
| Comodo Security | Application.Win32.Firseria.GH | 22304 |
| Dr.Web | Trojan.DownLoader11.24441 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.Morstar | 10.0.0.5366 |
| ESET NOD32 | MSIL/Solimba.AH potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Morstars | 6/1/2015 |
| F-Prot | W32/S-efb18088 | v6.4.7.1.166 |
| F-Secure | Riskware.Application.Bundler.Morstar | 5.14.151 |
| G Data | Application.Bundler.Morstar | 15.6.25 |
| IKARUS anti.virus | AdWare.BundleApp | t3scan.1.9.2.0 |
| K7 AntiVirus | Trojan | 13.204.16103 |
| Kaspersky | not-a-virus:Downloader.Win32.Morstar | 15.0.0.543 |
| Malwarebytes | PUP.Optional.Solimba | v2015.06.01.10 |
| MicroWorld eScan | Application.Bundler.Morstar.A | 16.0.0.456 |
| NANO AntiVirus | Trojan.Win32.Morstar.dfjwqf | 0.30.24.1636 |
| Norman | Application.Bundler.Morstar.A | 03.12.2014 13:20:04 |
| Panda Antivirus | Trj/Genetic.gen | 15.06.01.10 |
| Quick Heal | AdWare.Firseria.AA3 | 6.15.14.00 |
| Reason Heuristics | Win32.Generic.Installer.Meta | 15.6.1.22 |
| Rising Antivirus | PE:Malware.Morstar!6.19EF | 23.00.65.15530 |
| Sophos | PUA 'Solimba Installer' | 5.14 |
| SUPERAntiSpyware | PUP.Solimba/Variant | 9839 |
| Total Defense | Win32/Tnega.ObGKDOB | 37.1.62.1 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.4 |
| VIPRE Antivirus | Threat.4782980 | 40552 |
| Zillya! Antivirus | Downloader.Morstar.Win32.91 | 2.0.0.2200 |

File size:
531.5 KB (544,256 bytes)

Product version:
3.1.23

Copyright:
copyright © 2014

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
9/22/2014 4:47:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:cnnxNXTHxigTCQbJUMHON1qAhN/QVIvHipk+cmsW:cnnxhAgTV6MHON1qqNYCP+x3

Entry address:
0xDFEC

Entry point:
E8, AE, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, A8, 70, 42, 00, E8, FE, 15, 00, 00, E8, 7F, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 41, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0A, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
Code size:
114 KB (116,736 bytes)

The file loki vpn client.exe has been seen being distributed by the following URL.

Remove loki vpn client.exe - Powered by Reason Core Security