winpatrol.exe

WinPatrol

Solimba Aplicaciones S.L.

This is the Solimba installer program, which bundles additional offers, mostly adware and various unwanted PC utilities. The application winpatrol.exe by Solimba Aplicaciones S.L. has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. The installer uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. The file has been seen being downloaded from d9yt0xeucd09m.cloudfront.net.
Publisher:
Solimba Aplicaciones S.L.  (signed and verified)

Product:
WinPatrol

Version:
2.1.204.0

MD5:
d82e3e4a19a140fd89f29c9d7eb97799

SHA-1:
6bc01113964dbb12cceab47d695aaa48abe9bac8

SHA-256:
27a0a627a4a8b3dd8e4ad5375b4cfade829bd2f02e944c134405e1009bf097b5

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the Solimba installer to bundle adware offers.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/10/2024 4:09:47 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Solimba.Gen | 7.11.43.116
Bitdefender | Gen:Variant.Adware.Solimba.1 | 1.0.20.1265
Dr.Web | Adware.Downware.83 | 9.0.1.0253
ESET NOD32 | MSIL/Solimba | 8.7492
Fortinet FortiGate | Adware/Fam.NB | 9/10/2014
F-Prot | W32/Solimba.A.gen | v6.4.6.5.141
K7 AntiVirus | Unwanted-Program | 13.152.7616
McAfee | Artemis!D82E3E4A19A1 | 5600.7012
Reason Heuristics | PUP.SolimbaAplicacionesSL.J | 14.9.10.0
Trend Micro House Call | TROJ_GEN.RCBB1IG | 7.2.253

File size:
108.2 KB (110,760 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Solimba DownloadMR (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winpatrol.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/15/2011 6:00:00 PM

Valid to:
5/15/2013 5:59:59 PM

Subject:
CN=Solimba Aplicaciones S.L., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Solimba Aplicaciones S.L., L=Badalona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
450EE582E26020D5F7632F2BECC6C5BD

File PE Metadata
Compilation timestamp:
12/5/2009 3:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:/QIURTXJ8eqgKJ+BCUCyV5+9n7zSW11fiZzi:/sugK5y87+WnO+

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.3037

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file winpatrol.exe has been seen being distributed by the following URL.
