gimp_setup.exe

TODO:

iBryte

This adware bundler is distributed through Adknowledge's advertising-supported software managers. The application gimp_setup.exe, "Gimp" by iBryte, has been detected as adware by 35 anti-malware scanners. The program is a setup application that uses the Adknowledge Fusion installer.
Publisher:
iBryte  (signed and verified)

Product:
TODO: <Product name>

Description:
Gimp

Version:
1.0.0.1

MD5:
1228213e2712374e90672a6236b0b24d

SHA-1:
a09fe93d793d9b4052bc045567e762427d9ab680

SHA-256:
85abbb31c0c114ac3b2b1ff2b7b8df5539b6e74a8c00ee0243ab7f67ddfb657d

Scanner detections:
35 / 68

Status:
Adware

Explanation:
This installer bundles various adware programs, which may include toolbars and web browser advertising injectors/extensions.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of an otherwise legitimate piece of software.

Analysis date:
4/26/2024 8:45:59 AM UTC

Scan engine             | Detection                                   | Engine version
------------------------|---------------------------------------------|---------------
Lavasoft Ad-Aware       | Adware.iBryte.A                             | 385
Agnitum Outpost         | PUA.Agent                                   | 7.1.1
AhnLab V3 Security      | Adware/Win32.IBryte                         | 2014.09.19
Avira AntiVirus         | ADWARE/Adware.Gen7                          | 7.11.30.172
avast!                  | Win32:Adware-ZA [PUP]                       | 2014.9-160116
Bitdefender             | Adware.iBryte.A                             | 1.0.20.80
Bkav FE                 | HW32.Laneul                                 | 1.3.0.4959
Clam AntiVirus          | Adware.Ibryte-65                            | 0.98/20570
Comodo Security         | Application.Win32.AgentCV.HWYE              | 19547
Dr.Web                  | Adware.iBryte.1                             | 9.0.1.016
Emsisoft Anti-Malware   |                                             | 8.16.01.16.08
ESET NOD32              | Win32/Adware.iBryte.A application           | 10.7.0.302.0
Fortinet FortiGate      | Riskware/IBryte                             | 1/16/2016
F-Prot                  | W32/Ibryte.A.gen                            | v6.4.6.5.141
F-Secure                | Adware.iBryte.A                             | 11.2016-16-01_7
G Data                  |                                             | 16.1.25
IKARUS anti.virus       | Win32.AdWare                                | t3scan.1.6.1.0
K7 AntiVirus            | Unwanted-Program                            | 13.182.12926
Kaspersky               | not-a-virus:HEUR:AdWare.Win32.iBryte        | 14.0.0.808
Malwarebytes            |                                             | v2016.01.16.08
McAfee                  | Trojan.Artemis!512A23AFC7B4                 | 5600.6519
MicroWorld eScan        | Adware.iBryte.A                             | 17.0.0.48
NANO AntiVirus          | Riskware.Win32.IBryte.czgxve                | 0.28.2.62151
Norman                  | Adware.iBryte.A                             | 11.20160116
nProtect                | Adware.iBryte.A                             | 15.06.16.01
Qihoo 360 Security      | Malware.QVM10.Gen                           | 1.0.0.1015
Reason Heuristics       | PUP.Adknowledge.iBryte.Bundler (M)          | 16.1.16.8
Rising Antivirus        | PE:Malware.iBryte!6.5A7                     | 23.00.65.16114
Sophos                  | PUA 'iBryte Installer' (of type Adware)     | 5.15
SUPERAntiSpyware        | PUP.iBryte                                  | 9382
Trend Micro House Call  | HV_IBRYTE_CG0932A2.RDXN                     | 7.2.16
Trend Micro             | TSPY_IBRYTE_CA0828BE.TOMC                   | 10.465.16
Vba32 AntiVirus         |                                             | 3.12.26.3
VIPRE Antivirus         | Threat.4745967                              | 31208
Zillya! Antivirus       | Adware.iBryte.Win32.2511                    | 2.0.0.2089

File size:
684.7 KB (701,104 bytes)

Product version:
1.0.0.1

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Adknowledge Fusion

Language:
English (United States)

Common path:
C:\users\{user}\downloads\gimp_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/16/2010 7:00:00 PM

Valid to:
6/16/2012 6:59:59 PM

Subject:
CN=iBryte, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iBryte, L=New Castle County, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5B2B3E2D634718E9BD4D41725481BAF3

File PE Metadata
Compilation timestamp:
9/29/2011 2:14:21 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:uywcpVyvgjsrttobYGvLH77JYQm/obx09NC6sVVUqJL1Z17Nr/B3pwxc:uyw7gj7YGvLHHJYB4x4NC68hL1Z1xpKS

Entry address:
0x617FA

Entry point:
E8, 23, EB, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 8B, 4D, 08, 53, 8B, 5D, 0C, 56, 57, 33, FF, 89, 4D, F8, 89, 5D, FC, 39, 7D, 10, 74, 21, 39, 7D, 14, 74, 1C, 3B, CF, 75, 1F, E8, 13, 09, 00, 00, 57, 57, 57, 57, C7, 00, 16, 00, 00, 00, 57, E8, 5E, D4, FF, FF, 83, C4, 14, 33, C0, 5F, 5E, 5B, C9, C3, 8B, 75, 18, 3B, F7, 74, 0D, 83, C8, FF, 33, D2, F7, 75, 10, 39, 45, 14, 76, 21, 83, FB, FF, 74, 0B, 53, 57, 51, E8, A5, C9, FF, FF, 83, C4, 0C, 3B, F7, 74, B9, 83, C8, FF, 33, D2, F7, 75, 10...
Entropy:
6.3847

Code size:
509.5 KB (521,728 bytes)
