» sxeinjected.exe
Overview
Analysis
File Details
Downloads (1)

sxeinjected.exe

Delimax Concept

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application sxeinjected.exe by Delimax Concept has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from www.sxe-injected.com.

File name:

sxeinjected.exe

Publisher:

Delimax Concept (signed and verified)

MD5:

fe7d6b60125b0f70bba3a66c0edd09a6

SHA-1:

9162eeefc83fc381acfc5bdd33eb2fdb899f6790

SHA-256:

f810ca84b50712de1d0f1c57d9c9fd50d8adcfd366b17af8e39eb940a6f1c52c

Scanner detections:

22 / 68

Status:

Adware

Explanation:

Uses the Solimba installer to bundle adware offers.

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/19/2024 3:52:32 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Kazy.525798

6355545

Avira AntiVirus

W32/Ramnit.A

7.11.30.172

AVG

Adware BundleApp_r.AJ

2014.0.4253

Baidu Antivirus

Adware.Win32.Solimba

4.0.3.1512

Bitdefender

Gen:Variant.Application.Kazy.525798

1.0.20.10

Comodo Security

Application.Win32.Firseria.GH

20570

Emsisoft Anti-Malware

Gen:Variant.Application.Kazy.525798

9.0.0.4799

ESET NOD32

MSIL/Solimba.AK.gen potentially unwanted application

7.0.302.0

F-Prot

W32/S-d8e33fef

v6.4.7.1.166

F-Secure

Riskware.Gen:Variant.Application.Kazy

5.13.68

G Data

Gen:Variant.Application.Kazy.525798

15.1.24

IKARUS anti.virus

not-a-virus:Downloader.Morstar

t3scan.1.8.5.0

K7 AntiVirus

Unwanted-Program

13.1814525

MicroWorld eScan

Gen:Variant.Application.Kazy.525798

16.0.0.6

NANO AntiVirus

Trojan.Win32.Morstar.djtcxn

0.30.0.64448

Norman

Gen:Variant.Application.Kazy.525798

29.12.2014 07:19:03

Panda Antivirus

Trj/Genetic.gen

15.01.02.10

Reason Heuristics

PUP.DelimaxConcept.L

15.1.4.13

Sophos

PUA 'Solimba Installer'

5.09

SUPERAntiSpyware

Trojan.Agent/Gen-RogueAV

10140

Vba32 AntiVirus

Downware.Morstar

3.12.26.3

VIPRE Antivirus

Threat.4439742

35418

File size:

556.2 KB (569,552 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Solimba DownloadMR

Common path:

C:\users\{user}\downloads\sxeinjected.exe

Digital Signature

Signed by:

Delimax Concept

Authority:

Thawte, Inc.

Valid from:

9/23/2014 9:00:00 PM

Valid to:

9/23/2016 8:59:59 PM

Subject:

CN=Delimax Concept, O=Delimax Concept, L=Barcelona, S=Barcelona, C=ES

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

069CC4A932F0EBBF4CDE6CBB8C7AAD67

File PE Metadata

Compilation timestamp:

12/23/2014 7:27:31 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

12288:k70D2C9idToKbjdvL+0HYKEdyoMOaq8S5kb4e/929Avx+j2mlb9RGpCaQK:k70D25dTdvL7HRoMOaq8SdeVUj2U2/9

Entry address:

0xD44C

Entry point:

E8, AF, 6C, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E0, 5F, 42, 00, E8, FE, 15, 00, 00, E8, 80, 6E, 00, 00, 0F, B7, F0, 6A, 02, E8, 42, 6C, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 0B, 65, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8... 
[+]

Entropy:

7.7552 (probably packed)

Code size:

111 KB (113,664 bytes)

The file sxeinjected.exe has been seen being distributed by the following URL.

http://www.sxe-injected.com/.../downfile.php?id=1

Remove sxeinjected.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.