» iminentsetup{2.ei0ov76.1}.exe
Overview
Analysis
File Details

iminentsetup{2.ei0ov76.1}.exe

IMBooster

Iminent

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application iminentsetup{2.ei0ov76.1}.exe, “IMinent bootstrapper” by Iminent has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the SIEN SuperInstall installer.

File name:

Publisher:

Iminent (signed and verified)

Product:

IMBooster

Description:

IMinent bootstrapper

Version:

4.43.1.0

MD5:

42570f93f51bc780470b23fb67be8a94

SHA-1:

8d80f1ced22379c2455d2ff5ac28668ffa55c79e

SHA-256:

13726bb7b8a6f53a04ecb2565b20b9e168bb85b75981f4bba7288bf2aa9ce005

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/18/2024 1:18:48 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Sien.Iminent.Bundler (M)

16.2.13.2

File size:

807 KB (826,336 bytes)

Product version:

4.43.1.0

Original file name:

Bootstrapper.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

SIEN SuperInstall

Language:

English (United States)

Digital Signature

Signed by:

Iminent

Authority:

GlobalSign nv-sa

Valid from:

1/26/2010 7:31:06 PM

Valid to:

1/27/2012 7:31:03 PM

Subject:

CN=Iminent, O=Iminent, L=Paris, S=France, C=FR

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

010000000001266AC7D81A

File PE Metadata

Compilation timestamp:

11/6/2011 10:09:27 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:97o/eSdF9wDr1CkZalWwSLL/nxQAAxxz1F2j:97onFeDrMMKWwk/xWxe

Entry address:

0x202ED0

Entry point:

60, BE, 00, 70, 55, 00, 8D, BE, 00, A0, EA, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Entropy:

7.8480

Packer / compiler:

UPX 2.90LZMA

Code size:

692 KB (708,608 bytes)

Remove iminentsetup{2.ei0ov76.1}.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.