msvcr100.exe

XL-II relaxo officium postea clam

repetitio qui cunabula horum

The application msvcr100.exe, “comprovincialis abstergo disco sane”, has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a setup program used to install the application. It uses the Solimba download manager to push adware offers during the download and setup process. The bundled adware includes search and shopping toolbars for web browsers. The file has been seen being downloaded from softpicks.com.es.
Publisher:
repetitio qui cunabula horum

Product:
XL-II relaxo officium postea clam

Description:
comprovincialis abstergo disco sane

Version:
5.35.82.24

MD5:
ffd3cdd3bda7f622c5d4bad239aff513

SHA-1:
8273e94f34564829992d7a3d42c58d933524ec52

SHA-256:
ecf863e4dc61fa242fcdbb274bff4590a10d2248a3488ded267064b8dd6a1cd8

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Uses the Solimba installer to bundle adware offers.

Analysis date:
5/6/2024 7:44:15 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Adware-gen [Adw] | 150717-0
Dr.Web | Adware.Downware.8763 | 9.0.1.05190
Emsisoft Anti-Malware | Application.Bundler.Solimba | 11.5.0.6191
ESET NOD32 | MSIL/Solimba.AH potentially unwanted application | 8.0.319.0
F-Secure | Riskware.Application.Bundler.Solimba | 5.15.96
Kaspersky | not-a-virus:Downloader.Win32.Morstar | 15.0.0.562
Microsoft Security Essentials | Threat.Undefined | 1.219.662.0
Norman | Application.Bundler.Solimba.C | 10.04.2016 15:29:17

File size:
523.2 KB (535,807 bytes)

Product version:
67.19.86.63

Copyright:
Copyright certo periculosus maero

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\msvcr100.exe

File PE Metadata
Compilation timestamp:
10/13/2014 10:30:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:OdoXLrF5LfTka2HiRP2VbBqVxUIR+C8sOmf3fyKElW:OdobDfTJPQbBGUIR3Df3fb3

Entry address:
0xDE9C

Entry point:
E8, A5, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 08, 6E, 42, 00, E8, FE, 15, 00, 00, E8, 76, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 38, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 01, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Packer / compiler:
PEQuake V0.06

Code size:
113.5 KB (116,224 bytes)

The file msvcr100.exe has been seen being distributed by the following URL.

Remove msvcr100.exe - Powered by Reason Core Security