antitoolbarsetup-tamindir.exe

AntiToolbar

Reimage Limited

The application antitoolbarsetup-tamindir.exe, “AntiToolbar Setup” by Reimage Limited has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from files2.majorgeeks.com and multiple other hosts.
Publisher:
Reimage® (signed by Reimage Limited)

Product:
AntiToolbar

Description:
AntiToolbar Setup

Version:
1.001

MD5:
ebb060570c05d151a2e53c3a80885a8a

SHA-1:
377fa63509d7470e88b80e189b77bd8665883f13

SHA-256:
220655abc622cf67fe0a5a9478d21a9c8d97ddc14b8d9e8b64c7346f5ffae967

Scanner detections:
2 / 68

Status:
Adware

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/26/2024 9:36:49 AM UTC

Scan engine        | Detection                             | Engine version
Reason Heuristics  | PUP.Crossrider.Reimage.Installer.Z    | 14.9.12.17
Vba32 AntiVirus    | suspected of Trojan.Downloader.gen.h  | 3.12.24.3

File size:
345.5 KB (353,800 bytes)

Product version:
1.001

Copyright:
© Reimage 2012

Original file name:
AntiToolbarSetup.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\antitoolbarsetup-tamindir.exe

Digital Signature
Signed by:
Reimage Limited
Authority:
VeriSign, Inc.

Valid from:
4/11/2012 3:00:00 AM

Valid to:
5/4/2014 2:59:59 AM

Subject:
CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
08242D065B8CE1035215AAA943CF9166

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:xe34IaiOV75+ZPPfnE2Qyn2FEtt2NB6+sbKRr2phy9jBDj5f+TjHPTDX+kqT:QMVF+ZPPfnEUnsEWfXsbKop0xBDVf+f8

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file antitoolbarsetup-tamindir.exe has been seen being distributed by the following 4 URLs.

Remove antitoolbarsetup-tamindir.exe - Powered by Reason Core Security