win32.salityremovaltool.exe

Security Stronghold LLC

The application win32.salityremovaltool.exe by Security Stronghold has been detected as a potentially unwanted program by 2 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Browser Protect Removal Tool by Security Stronghold and VOPackage Removal Tool by Security Stronghold.
Remove win32.salityremovaltool.exe - Powered by Reason Core Security
Publisher:
Security Stronghold LLC  (signed and verified)

MD5:
40f4cb75149179c17f9a7713c9f1650b

SHA-1:
dac72ee50f1d100d84199beb47b67aff6607f286

SHA-256:
ef163bc81f8fa2b702df44ed1c00e2d365a8f06f1df5ccac9590e4266400678e

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/10/2016 12:10:39 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | Win32/SecurityStronghold.A potentially unwanted application | 7.0.302.0 |
| Reason Heuristics | PUP.Optional.SecurityStronghold.W | 14.6.10.14 |

File size:
5.1 MB (5,308,368 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\win 32. sality removal tool\win32.salityremovaltool.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/14/2013 5:55:31 PM

Valid to:
12/11/2014 11:49:56 AM

Subject:
E=manager@securitystronghold.com, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121ACD1A0DCFFA94069288588DCC5FFCF18

File PE Metadata
Compilation timestamp:
5/29/2014 8:24:19 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:hUaFDQzvIzQ2Sc3uwHE8umSsWiqeMqN3bvMfxTb8bhUGYy+gxTrRQvi/1ddxR0VH:lcvRiXvMJTbEUGYy+grtqVYg

Entry address:
0x3DBDA8

Entry point:
55, 8B, EC, B9, 0A, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, AC, 9B, 7C, 00, E8, EB, 00, C3, FF, 8B, 35, 4C, 1C, 81, 00, 8B, 3D, 94, 27, 81, 00, 33, C0, 55, 68, BF, BF, 7D, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E4, 33, C0, E8, E3, 8D, C2, FF, 8B, 45, E4, 8D, 55, E8, E8, 18, 7C, C4, FF, 8B, 45, E8, 8D, 4D, EC, 33, D2, E8, 17, 7A, C4, FF, 8B, 55, EC, 8B, C6, E8, F9, BF, C2, FF, BB, 02, 00, 00, 00, 8D, 45, DC, 8B, 16, 0F, B7, 54, 5A, FC, E8, C9, CA, C2, FF, 8B, 45, DC, 8D, 55, E0, E8, 56, 5C...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
3.9 MB (4,041,216 bytes)

The file win32.salityremovaltool.exe has been discovered within the following programs.

Browser Protect Removal Tool  by Security Stronghold
During installation, the Security Stronghold Removal Tool utility will provide various bundled applications including RegClean Pro registry cleaner. It will then download utilities from its server and scan the user's PC.
www.SecurityStronghold.com
61% remove it
Coupon Peak Removal Tool  by Security Stronghold
Publisher's description - “Coupon Peak copies its file(s) to your hard disk. Its typical file name is t.exe. Then it creates new startup key with name Coupon Peak and value t.exe. You can also find it in your processes list with name t.exe or Coupon Peak.”
www.securitystronghold.com/gates/remove-coupon-peak.html
65% remove it
VOPackage Removal Tool  by Security Stronghold
Publisher's description - “VO Package copies its file(s) to your hard disk. Its typical file name is VOPackage.exe. Then it creates new startup key with name VO Package and value VOPackage.exe. You can also find it in your processes list with name VOPackage.exe or VO Package.”
www.securitystronghold.com/gates/remove-vo-package.html
64% remove it
 
Powered by Should I Remove It?
