Security Stronghold LLC

The application win32.salityremovaltool.exe by Security Stronghold has been detected as a potentially unwanted program by 2 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Browser Protect Removal Tool by Security Stronghold and VOPackage Removal Tool by Security Stronghold.
Security Stronghold LLC  (signed and verified)




Scanner detections:
2 / 68

Potentially unwanted

Analysis date:
5/22/2018 3:36:05 AM UTC  (a few moments ago)

Scan engine
Engine version

Win32/SecurityStronghold.A potentially unwanted application

Reason Heuristics

File size:
5.1 MB (5,308,368 bytes)

File type:
Executable application (Win32 EXE)

English (United States)

Common path:
C:\Program Files\win 32. sality removal tool\win32.salityremovaltool.exe

Digital Signature
GlobalSign nv-sa

Valid from:
10/14/2013 5:55:31 PM

Valid to:
12/11/2014 11:49:56 AM

Subject:, CN=Security Stronghold LLC, O=Security Stronghold LLC, L=Astrakhan, C=RU

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

File PE Metadata
Compilation timestamp:
5/29/2014 8:24:19 AM

OS version:

OS bitness:

Windows GUI

Linker version:

CTPH (ssdeep):

Entry address:

Entry point:
55, 8B, EC, B9, 0A, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, AC, 9B, 7C, 00, E8, EB, 00, C3, FF, 8B, 35, 4C, 1C, 81, 00, 8B, 3D, 94, 27, 81, 00, 33, C0, 55, 68, BF, BF, 7D, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E4, 33, C0, E8, E3, 8D, C2, FF, 8B, 45, E4, 8D, 55, E8, E8, 18, 7C, C4, FF, 8B, 45, E8, 8D, 4D, EC, 33, D2, E8, 17, 7A, C4, FF, 8B, 55, EC, 8B, C6, E8, F9, BF, C2, FF, BB, 02, 00, 00, 00, 8D, 45, DC, 8B, 16, 0F, B7, 54, 5A, FC, E8, C9, CA, C2, FF, 8B, 45, DC, 8D, 55, E0, E8, 56, 5C...

Developed / compiled with:
Microsoft Visual C++

Code size:
3.9 MB (4,041,216 bytes)

The file win32.salityremovaltool.exe has been discovered within the following programs.

Browser Protect Removal Tool  by Security Stronghold
During installation, the Security Stronghold Removal Tool utility will provide various bundled applications including RegClean Pro registry cleaner. It will then download utilities from its server and scan the user's PC.
61% remove it
Coupon Peak Removal Tool  by Security Stronghold
Publisher's description - “Coupon Peak copies its file(s) to your hard disk. Its typical file name is t.exe. Then it creates new startup key with name Coupon Peak and value t.exe. You can also find it in your processes list with name t.exe or Coupon Peak.”
65% remove it
VOPackage Removal Tool  by Security Stronghold
Publisher's description - “VO Package copies its file(s) to your hard disk. Its typical file name is VOPackage.exe. Then it creates new startup key with name VO Package and value VOPackage.exe. You can also find it in your processes list with name VOPackage.exe or VO Package.”
64% remove it
Powered by Should I Remove It?

Remove win32.salityremovaltool.exe - Powered by Reason Core Security