mcedit.exe

Internal Setup

Condestil Developments s.l.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application mcedit.exe by Condestil Developments s.l. has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The file has been seen being downloaded from de.pc-file.net.

Publisher:
The Setup Company  (signed by Condestil Developments s.l.)

Product:
Internal Setup

Description:
Setup Process

Version:
3,1,18

MD5:
8d5092a5ad24532590da2ae559f5710e

SHA-1:
9e55785bfee15fbe746517801704316a04af73e2

SHA-256:
5ec505b66d97cc9a5f33816b0766c64c422a5a3d663ef3f67dbfbc3434912424

Scanner detections:
10 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/26/2024 12:58:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Trojan-gen | 140617-1 |
| AVG | Adware BundleApp.GH | 2014.0.3986 |
| Dr.Web | Trojan.MulDrop5.34679 | 9.0.1.05190 |
| ESET NOD32 | Win32/FirseriaInstaller.M potentially unwanted application | 7.0.302.0 |
| G Data | Win32.Application.Morstar | 14.7.24 |
| IKARUS anti.virus | AdWare.Win32.FirseriaInstaller | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.Fiseria | v2014.07.28.06 |
| Reason Heuristics | PUP.Installer.CondestilDevelopmentssl.G | 14.7.31.23 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
515.2 KB (527,560 bytes)

Product version:
3.1.20

Copyright:
All rights © 2014

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\mcedit.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/25/2014 2:00:00 AM

Valid to:
7/25/2016 1:59:59 AM

Subject:
CN=Condestil Developments s.l., O=Condestil Developments s.l., L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
43F850AA43DAD92FF6603BEB72F415DD

File PE Metadata
Compilation timestamp:
7/25/2014 3:22:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:xvIZpbfWr9Gz6BEU8vmlBCZxt1JY4pYraSyv:xvIZJWr9GzlWlUrXJYjIv

Entry address:
0xF5DB

Entry point:
E8, BB, 78, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, F8, 03, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 94, 00, 42, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 60, 84, 42, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 64...
 

Code size:
121 KB (123,904 bytes)

The file mcedit.exe has been seen being distributed by the following URL.
