recuva.exe

inultus I-XLIII secedo

Eilio Developments sl

This file belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application recuva.exe, “feculentia conspicio digestor” by Eilio Developments sl, has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer, which pushes adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars.

Publisher:
accusator fructuarius gens fusus (signed by Eilio Developments sl)

Product:
inultus I-XLIII secedo

Description:
feculentia conspicio digestor

Version:
62.8.82.26

MD5:
46651a543fcf6434e7d0459e55b3dc45

SHA-1:
518dbc688ed0847cbb3513ac76e9db2d66cca6e7

SHA-256:
8291824dbb24a4756b3a3bf661d7a1246684e99bc7d76a942b510bb99ad8aad8

Scanner detections:
27 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 10:16:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.Kazy.132995 | 827 |
| Agnitum Outpost | PUA.Solimba | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Solimba | 2014.10.27 |
| Avira AntiVirus | APPL/Firseria.Gen8 | 7.11.179.192 |
| avast! | Win32:Solimba-M [PUP] | 141025-0 |
| AVG | Adware BundleApp_r.AV | 2014.0.4040 |
| Baidu Antivirus | Adware.Win32.Solimba | 4.0.3.141030 |
| Bitdefender | Gen:Variant.Application.Bundler.Kazy.132995 | 1.0.20.1515 |
| Comodo Security | Application.Win32.Solimba.LSW | 19854 |
| Dr.Web | Adware.Downware.8808 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.Kazy.132995 | 14.10.30 |
| ESET NOD32 | MSIL/Solimba.AH potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/Morstars | 10/30/2014 |
| F-Prot | W32/A-c4e8b4f7 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2014-30-10_5 |
| G Data | Gen:Variant.Application.Bundler.Kazy.132995 | 14.10.24 |
| IKARUS anti.virus | AdWare.BundleApp | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.184.13741 |
| Kaspersky | not-a-virus:Downloader.Win32.Morstar | 15.0.0.494 |
| Malwarebytes | PUP.Optional.Solimba | v2014.10.30.08 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.Kazy.132995 | 15.0.0.909 |
| NANO AntiVirus | Trojan.Win32.Morstar.dgveip | 0.28.2.62841 |
| Reason Heuristics | PUP.EilioDevelopmentssl.G | 14.10.30.20 |
| Sophos | Solimba Installer | 4.98 |
| Vba32 AntiVirus | Downware.Morstar | 3.12.26.3 |
| VIPRE Antivirus | Threat.4782980 | 33706 |
| Zillya! Antivirus | Downloader.Morstar.Win32.161 | 2.0.0.1967 |

File size:
537.6 KB (550,472 bytes)

Product version:
17.68.60.51

Copyright:
Copyright 2014 tabula ademptio sto peracto

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\recuva.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/28/2014 11:17:10 AM

Valid to:
7/28/2016 11:17:10 AM

Subject:
CN=Eilio Developments sl, O=Eilio Developments sl, L=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218832573D4BDD488A310AF2AC15B41F25

File PE Metadata
Compilation timestamp:
10/14/2014 12:31:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:EDZVt+SyLuTGrd7N6YSNX0XjWn7m66RY8dPtyTNuKhnMjI7:EDZVtKuTgtN6YwX0zWIysqVJMjI7

Entry address:
0xDEDC

Entry point:
E8, AE, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 78, 70, 42, 00, E8, FE, 15, 00, 00, E8, 7F, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 41, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0A, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
113.5 KB (116,224 bytes)
