home

imf.exe

IObit Malware Fighter

IObit Information Technology

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IObit Malware Fighter’.
Publisher:
IObit  (signed by IObit Information Technology)

Product:
IObit Malware Fighter

Version:
3.4.0.9

MD5:
a3a03832772bbec353742269dc9c08f8

SHA-1:
e0b1c2e5c4c60b16fc4f0d604f6539d8381f9217

SHA-256:
532be7a18370b0fff3c211e18443f309c0aac3d25700801abf3abd5bd03d64c9

Scanner detections:
10 / 68

Status:
Clean  (10 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/23/2024 1:50:59 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Sality
2014.9-160215

Dr.Web
riskware program Program.Unwanted.276
9.0.1.046

Emsisoft Anti-Malware
Gen:Heur.SEPhish
8.16.02.15.09

F-Prot
W32/Virut.AI!Generic
v6.4.6.5.141

G Data
Win32.Adware.IObit
16.2.24

File size:
5.6 MB (5,893,920 bytes)

Product version:
3.4.0.0

Copyright:
Copyright (c) 2005-2015

Trademarks:
IObit

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\iobit\iobit malware fighter\imf.exe

Digital Signature
Signed by:
IObit Information Technology

Authority:
VeriSign, Inc.

Valid from:
1/15/2013 2:00:00 AM

Valid to:
2/15/2016 1:59:59 AM

Subject:
CN=IObit Information Technology, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=IObit Information Technology, L=Chengdu, S=Sichuan, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
11CADAF29DA4C3CB113BF1877B120103

File PE Metadata
Compilation timestamp:
11/12/2015 4:49:41 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:KyvVmzFh/fQ7Xs3Evk2jBx8hzsq3oizJn:dKh/fT0vk2aztRln

Entry address:
0x2CA9AC

Entry point:
55, 8B, EC, 81, C4, C8, FE, FF, FF, 53, 56, 57, 33, C0, 89, 85, CC, FE, FF, FF, 89, 85, C8, FE, FF, FF, 89, 85, D0, FE, FF, FF, 89, 85, D4, FE, FF, FF, 89, 45, EC, B8, A4, 68, 6C, 00, E8, 15, EB, D3, FF, 33, C0, 55, 68, 71, AF, 6C, 00, 64, FF, 30, 64, 89, 20, B8, 8C, AF, 6C, 00, E8, 71, 9A, E5, FF, 84, C0, 74, 33, 33, C0, 55, 68, 1D, AA, 6C, 00, 64, FF, 30, 64, 89, 20, E8, 22, 25, FB, FF, E8, 55, 25, FB, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 0A, E9, B2, A4, D3, FF, E8, C9, A9, D3, FF, 6A, 00, E8, 5A, F1...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
2.8 MB (2,923,520 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IObit Malware Fighter

Command:
"C:\Program Files\iobit\iobit malware fighter\imf.exe" \autostart


Scan imf.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.