home

win32.salityremovaltool.exe

Security Stronghold LLC

The application win32.salityremovaltool.exe by Security Stronghold has been detected as a potentially unwanted program by 2 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Browser Protect Removal Tool by Security Stronghold and VOPackage Removal Tool by Security Stronghold.
Publisher:
Security Stronghold LLC  (signed and verified)

MD5:
40f4cb75149179c17f9a7713c9f1650b

SHA-1:
dac72ee50f1d100d84199beb47b67aff6607f286

SHA-256:
ef163bc81f8fa2b702df44ed1c00e2d365a8f06f1df5ccac9590e4266400678e

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
6/26/2017 3:21:57 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/SecurityStronghold.A potentially unwanted application
7.0.302.0

Reason Heuristics
PUP.Optional.SecurityStronghold.W
14.6.10.14

File size:
5.1 MB (5,308,368 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\win 32. sality removal tool\win32.salityremovaltool.exe

Digital Signature
Signed by:
Security Stronghold LLC

Authority:
GlobalSign nv-sa

Valid from:
10/14/2013 5:55:31 PM

Valid to:
12/11/2014 11:49:56 AM

Subject:
E=manager@securitystronghold.com, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, C=RU

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121ACD1A0DCFFA94069288588DCC5FFCF18

File PE Metadata
Compilation timestamp:
5/29/2014 8:24:19 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:hUaFDQzvIzQ2Sc3uwHE8umSsWiqeMqN3bvMfxTb8bhUGYy+gxTrRQvi/1ddxR0VH:lcvRiXvMJTbEUGYy+grtqVYg

Entry address:
0x3DBDA8

Entry point:
55, 8B, EC, B9, 0A, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, AC, 9B, 7C, 00, E8, EB, 00, C3, FF, 8B, 35, 4C, 1C, 81, 00, 8B, 3D, 94, 27, 81, 00, 33, C0, 55, 68, BF, BF, 7D, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E4, 33, C0, E8, E3, 8D, C2, FF, 8B, 45, E4, 8D, 55, E8, E8, 18, 7C, C4, FF, 8B, 45, E8, 8D, 4D, EC, 33, D2, E8, 17, 7A, C4, FF, 8B, 55, EC, 8B, C6, E8, F9, BF, C2, FF, BB, 02, 00, 00, 00, 8D, 45, DC, 8B, 16, 0F, B7, 54, 5A, FC, E8, C9, CA, C2, FF, 8B, 45, DC, 8D, 55, E0, E8, 56, 5C...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
3.9 MB (4,041,216 bytes)

The file win32.salityremovaltool.exe has been discovered within the following programs.

Browser Protect Removal Tool  by Security Stronghold
During installation, the Security Stronghold Removal Tool utility will provide various bundled applications including RegClean Pro registry cleaner. It will then download utilities from its server and scan the user's PC.
www.SecurityStronghold.com
61% remove it
Coupon Peak Removal Tool  by Security Stronghold
Publisher's description - “Coupon Peak copies its file(s) to your hard disk. Its typical file name is t.exe. Then it creates new startup key with name Coupon Peak and value t.exe. You can also find it in your processes list with name t.exe or Coupon Peak.”
www.securitystronghold.com/gates/remove-coupon-peak.html
65% remove it
VOPackage Removal Tool  by Security Stronghold
Publisher's description - “VO Package copies its file(s) to your hard disk. Its typical file name is VOPackage.exe. Then it creates new startup key with name VO Package and value VOPackage.exe. You can also find it in your processes list with name VOPackage.exe or VO Package.”
www.securitystronghold.com/gates/remove-vo-package.html
64% remove it
 
Powered by Should I Remove It?

Remove win32.salityremovaltool.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.