imeshv12.exe

The application imeshv12.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. According to Microsoft Security Essentials, the software bundles the DealPly adware, which is installed on a user's PC during setup using the InstallCore platform.
MD5:
41f31a87284fca18db41ce04743d101f

SHA-1:
351ce3f72d6f63cd97073eaf11deeb6dcb536c8c

SHA-256:
bddb2372dfa81d5b125f8f00afebaacd9933f037f55f0d480d695cf8b79ea6e8

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly, which places offers in a user's web browser that state they are "Powered by DealPly".

Analysis date:
4/25/2024 4:42:55 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.InstallCore | 7.1.1 |
| Avira AntiVirus | | 7.11.127.60 |
| Baidu Antivirus | Trojan.Win32.InstallCore | 4.0.3.14722 |
| Bkav FE | W32.Clod621.Trojan | 1.3.0.4923 |
| Comodo Security | ApplicUnwnt | 17677 |
| Dr.Web | Adware.InstallCore.80 | 9.0.1.0203 |
| ESET NOD32 | Win32/InstallCore.BC (variant) | 8.8371 |
| Fortinet FortiGate | W32/InstallCore.BC | 7/22/2014 |
| F-Prot | W32/InstallCore.R.gen | v6.4.7.1.166 |
| IKARUS anti.virus | SoftwareBundler | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.168.8751 |
| Malwarebytes | | v2014.07.22.01 |
| McAfee | Artemis!9B0E9FD025A8 | 5600.7061 |
| Microsoft Security Essentials | | 1.165.247.01 |
| NANO AntiVirus | Trojan.Win32.InstallCore.cjrfnc | 0.28.0.58491 |
| Rising Antivirus | PE:Malware.XPACK-LNR/Heur!1.5594 | 23.00.65.14720 |
| Sophos | InstallCore ToDownload | 4.97 |
| Trend Micro House Call | TROJ_GEN.F47V0207 | 7.2.203 |
| VIPRE Antivirus | InstallCore.b | 25826 |

File size:
651.4 KB (667,016 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:ArJfsGmQeiqtzwSbW61AwYz3WdDtLv9RKF28yaPCBk9UD8F5zAlTR2n1+ySaMw4:8JfsHQellwSb+wu3WdDbRO28yjmQ8F5I

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)
