home

imageeditorsetup.exe

JumpyApps

The file is a bundle distribution and utilizes the installCore download manager to distribute this potentially unwanted software. The application imageeditorsetup.exe by JumpyApps has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.bestimageeditorfunapp.com.
Publisher:
JumpyApps  (signed and verified)

MD5:
e1ae56c222c2020e8dec9e1364647610

SHA-1:
e317aeb74da1e5093e073505b38f4e8afa19cbab

SHA-256:
56aa74554f3cdc493b44ad8f2a9f0e40e39a531a8f9a7b5ae5b34cbfd450e06d

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 11:00:59 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.DownloadManager
2014.08.31

Avira AntiVirus
Adware/InstallCore.A.59
7.11.170.44

AVG
Adware InstallCore
2015.0.3345

Comodo Security
Application.Win32.InstallCore.IX
19373

Dr.Web
Trojan.Packed.24524
9.0.1.0263

ESET NOD32
Win32/InstallCore.JK potentially unwanted application
8.7.0.302.0

G Data
Win32.Application.InstallCore
14.9.24

K7 AntiVirus
Unwanted-Program
13.183.13218

Malwarebytes
PUP.Optional.InstallCore
v2014.09.20.09

NANO AntiVirus
Trojan.Win32.Kryptik.cwezfs
0.28.2.61861

Panda Antivirus
Trj/Genetic.gen
14.09.20.09

Reason Heuristics
PUP.Installer.JumpyApps.Q
14.9.20.19

Sophos
Install Core Click run software
4.98

VIPRE Antivirus
Threat.4786018
32210

File size:
649.7 KB (665,280 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Digital Signature
Signed by:
JumpyApps

Authority:
COMODO CA Limited

Valid from:
2/17/2013 4:00:00 PM

Valid to:
2/18/2014 3:59:59 PM

Subject:
CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:r++y4BjsAHb2OnkfXsMDR18R/2w/G1vtl5KoCkLpBv0fXlpEZiCE:r+diwCnkfXsMDsR/2MG1vdKozXv0/lp/

Entry address:
0x8440

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, F0, 89, 45, EC, B8, 08, 84, 40, 00, E8, 48, C8, FF, FF, 33, C0, 55, 68, BD, 84, 40, 00, 64, FF, 30, 64, 89, 20, E8, 51, A2, FF, FF, 85, C0, 7E, 33, 8D, 55, F0, B8, 09, 00, 00, 00, E8, A0, A2, FF, FF, 8B, 45, F0, 50, B8, 64, 00, 00, 00, E8, EA, A2, FF, FF, 8D, 55, EC, E8, 42, D5, FF, FF, 8B, 55, EC, 58, E8, 5D, B0, FF, FF, 75, 05, E8, B2, FE, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, C4, 84, 40, 00, 8D, 45, EC, BA, 02, 00, 00, 00, E8, 78, AD, FF, FF, C3, E9, 0E, A8...
 
[+]

Entropy:
7.8472

Developed / compiled with:
Microsoft Visual C++

Code size:
29.5 KB (30,208 bytes)

The file imageeditorsetup.exe has been seen being distributed by the following URL.

http://www.bestimageeditorfunapp.com/default/gb/.../?dl=1

Remove imageeditorsetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.