» dlmgn.exe
Overview
Analysis
File Details
Network (4)

dlmgn.exe

III|I|L

IMBERNES PREMIUM S.L.

This belongs to a Solimba product that may be bundled with additional PUPs or may be part of an ad-supported software program. The application dlmgn.exe by IMBERNES PREMIUM S.L has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Solimba DownloadMR installer. It uses the Solimba download manager to push adware offers during the download and setup process. Bundled adware includes search and shopping web browser toolbars. It is also typically executed from the user's temporary directory.

File name:

dlmgn.exe

Publisher:

Installer Setup (signed by IMBERNES PREMIUM S.L.)

Product:

III|I|L

Description:

Installer Setup

Version:

3.1.50

MD5:

2a03b038d7ddbc9b0e90026cd06bf5dc

SHA-1:

dcbb07c7e484c776934ba3c29847c91600df178c

SHA-256:

55dee2368787291ff6e03f24732f392191f0b6cc3038087c1bf809c7eb33fd78

Scanner detections:

5 / 68

Status:

Adware

Explanation:

Uses the Solimba installer to bundle adware offers.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/24/2024 11:33:21 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.MSIL.Solimba

4.0.3.15911

Dr.Web

Trojan.Solimba.25

9.0.1.0254

ESET NOD32

MSIL/Solimba.B potentially unwanted (variant)

9.12235

McAfee

Artemis!2A03B038D7DD

5600.6645

Reason Heuristics

PUP.Solimba.IMBERNESPREMIUM.Installer (M)

15.9.11.22

File size:

369.7 KB (378,608 bytes)

Product version:

3.1.50

Trademarks:

Installer Setup

Original file name:

imgr.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Solimba DownloadMR

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\dlmgn.exe

Digital Signature

Signed by:

IMBERNES PREMIUM S.L.

Authority:

Unizeto Technologies S.A.

Valid from:

3/9/2015 10:52:38 PM

Valid to:

3/8/2017 10:52:38 PM

Subject:

E=support@imbernes.com, CN=IMBERNES PREMIUM S.L., O=IMBERNES PREMIUM S.L., C=ES

Issuer:

CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

13D5C30806C3A51F3AB837BBFF8D5EC5

File PE Metadata

Compilation timestamp:

9/10/2015 6:59:31 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:jRhs1cwmi3K1L9E5ThjLhBj7JpKlgGOaGznraFJhn6I7:jDs+wmiKw1nfK1OucI7

Entry address:

0x57F2A

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.9417

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

344 KB (352,256 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to server-54-192-36-78.jfk1.r.cloudfront.net (54.192.36.78:443)

TCP (HTTP):

Connects to ec2-54-84-28-193.compute-1.amazonaws.com (54.84.28.193:80)

TCP (HTTP):

Connects to a96-6-113-33.deploy.akamaitechnologies.com (96.6.113.33:80)

TCP (HTTP):

Connects to a23-4-187-27.deploy.static.akamaitechnologies.com (23.4.187.27:80)

Remove dlmgn.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.