IMBooster.exe

Iminent Booster

Iminent

This is the SIEN AppScion Installer, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application IMBooster.exe by Iminent has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name ‘IMBooster’. Additionally, the file is typically installed by a number of programs, including IMBooster by IMinent and Iminent by IMinent.
Publisher:
Iminent  (signed and verified)

Product:
Iminent Booster

Description:
IMBooster

Version:
3.47.0.0

MD5:
97816fe0cb19b1f2bcc12b16c02c410e

SHA-1:
dc348a02f5f0259ec58a02b28914a26c79cb1ff2

Scanner detections:
5 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 2:58:41 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.Iminent.34 | 9.0.1.0224 |
| ESET NOD32 | Win32/Toolbar.Iminent.E potentially unwanted (variant) | 9.12040 |
| Qihoo 360 Security | Trojan.Generic | 1.0.0.1015 |
| Reason Heuristics | PUP.Sien.Iminent.Bundler (M) | 15.8.12.4 |
| VIPRE Antivirus | Iminent | 42612 |

File size:
1.3 MB (1,323,000 bytes)

Product version:
3.47.0.0

Copyright:
Iminent 2009-2010

Original file name:
IMBooster.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
Language Neutral

Common path:
C:\Program Files\iminent\imbooster\imbooster.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
1/26/2010 10:31:06 AM

Valid to:
1/27/2012 10:31:03 AM

Subject:
CN=Iminent, O=Iminent, L=Paris, S=France, C=FR

Issuer:
CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:
010000000001266AC7D81A

File PE Metadata
Compilation timestamp:
11/19/2010 1:25:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:JRdTLCQGTBddJGgmX/prXgJGgmX/prXCJGgmX/prXAVr78G:F+PBddTe/prwTe/prSTe/pr0r78G

Entry address:
0x1367FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.2 MB (1,264,128 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IMBooster

Command:
C:\Program Files\iminent\imbooster\imbooster.exe \warmup


The file IMBooster.exe has been discovered within the following programs.

IMBooster  by IMinent
Publisher's description - “When Iminent is installed, we provide the option to change the default search engine and home page to SearchTheWeb. Powered by metasearch technology, SearchTheWeb is a top-notch tool that compiles the best results from leading search engines: Google, Yahoo!, Bing and Ask.”
www.iminent.com
57% remove it
Iminent  by IMinent
The Iminent toolbar is a browser extension for Internet Explorer and Firefox which is used to add emoticons while using Facebook and web-based email products. During installation the Iminent toolbar changes your browser's homepage to seach.iminent.
68% remove it

The executing file has been seen to make the following network communications in live environments.

