home

imageeditorsetup.exe

JumpyApps

The file is a bundle distribution and utilizes the installCore download manager to distribute this potentially unwanted software. The application imageeditorsetup.exe by JumpyApps has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
JumpyApps  (signed and verified)

MD5:
ee2c6619c234570d846b68e7c644e4b9

SHA-1:
8b8d0f09b1fdc33d4eaaa71115a6bbe95ea2eb3a

SHA-256:
a3d1862371a9f8093800394639d1e1ee074e7be4ebb9adbc8476a29eaa25a749

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
4/25/2024 8:49:35 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Agent.bwam.1
7.11.164.242

AVG
Adware InstallCore
2016.0.3163

Comodo Security
Application.Win32.InstallCore.IX
19049

Dr.Web
Trojan.Packed.25581
9.0.1.080

ESET NOD32
Win32/InstallCore.IX potentially unwanted application
9.7.0.302.0

G Data
Win32.Application.InstallCore
15.3.24

herdProtect (fuzzy)
variant of icreinstall_imageeditorsetup.exe (Adware)
2015.6.27.3

IKARUS anti.virus
Trojan.Agent
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.202.15338

Malwarebytes
PUP.Optional.JumpyApps.A
v2015.03.21.12

NANO AntiVirus
Trojan.Win32.DP.dctesu
0.28.2.61349

Panda Antivirus
Trj/Genetic.gen
15.03.21.12

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Reason Heuristics
PUP.Bundler.ironSource
15.3.21.12

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.15319

Sophos
Install Core Click run software
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Kryptik
9984

Vba32 AntiVirus
Downware.InstallCore
3.12.26.3

VIPRE Antivirus
Threat.4786018
31208

Zillya! Antivirus
Trojan.Kryptik.Win32.625200
2.0.0.2109

File size:
650.6 KB (666,200 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\imageeditorsetup.exe

Digital Signature
Signed by:
JumpyApps

Authority:
COMODO CA Limited

Valid from:
2/17/2013 4:00:00 PM

Valid to:
2/18/2014 3:59:59 PM

Subject:
CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:UCfeXHsCDvvp08j3yXSDbs8vt9rZPaGKfdVwiy+pSrGVpT1j8twuKWyvZsKo/fXo:UC2NrxOXSDbrvTliGKfXy/GVB1KAdet

Entry address:
0x75F8

Entry point:
55, 8B, EC, 83, C4, F4, B8, C8, 75, 40, 00, E8, 98, CF, FF, FF, B8, 64, 00, 00, 00, E8, 02, B0, FF, FF, 3D, E8, 03, 00, 00, 75, 05, E8, 06, FF, FF, FF, E8, E5, B8, FF, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8348

Developed / compiled with:
Microsoft Visual C++

Code size:
26 KB (26,624 bytes)

Remove imageeditorsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.