IminentSetup_fr.exe

iNTERNET Turbo

Shetef Solutions & Consulting (1998) Ltd.

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application IminentSetup_fr.exe by Shetef Solutions & Consulting (1998) has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Amonetize Downloader installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offers presented are based on the PC's geo-location at the time of install.
Publisher:
Clasys Ltd.  (signed by Shetef Solutions & Consulting (1998) Ltd.)

Product:
iNTERNET Turbo

Version:
1.0.1.23

MD5:
74691f0c0575d8eff6cada8884b0260e

SHA-1:
b59fd37d77a275bbdb1b2776ea44a6e7ecd13e49

SHA-256:
48ad5eb25927fc67d4135922c6acf6a54ecd7d164170a8110d020e1097bf9d06

Scanner detections:
18 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 9:26:08 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Trojan.Generic.7847666 | 1133 |
| avast! | Win32:Malware-gen | 2014.9-130829 |
| Bitdefender | Dropped:Trojan.Generic.7847666 | 1.0.20.1205 |
| Clam AntiVirus | Win.Trojan.Startpage-3131 | 0.98/18355 |
| Dr.Web | Trojan.AVKill.19520 | 9.0.1.0241 |
| Emsisoft Anti-Malware | Dropped:Trojan.Generic.7847666 | 8.13.08.29.12 |
| ESET NOD32 | Win32/Amonetize | 7.9170 |
| F-Secure | Trojan.Generic.7847666 | 11.2013-29-08_5 |
| G Data | Dropped:Trojan.Generic.7847666 | 13.8.22 |
| IKARUS anti.virus | Trojan.Win32.Webprefix | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.174.10509 |
| McAfee | Artemis!74691F0C0575 | 5600.7181 |
| MicroWorld eScan | Dropped:Trojan.Generic.7847666 | 14.0.0.723 |
| Panda Antivirus | Suspicious file | 13.08.29.12 |
| Reason Heuristics | PUP.Installer.ShetefSolutionsConsulting1998.P | 14.8.8.3 |
| Sophos | Troj/VBDldr-I | 4.96 |
| Trend Micro House Call | TROJ_GEN.RCBH1GV | 7.2.241 |
| VIPRE Antivirus | Trojan.Win32.Generic | 24320 |

File size:
1.7 MB (1,736,752 bytes)

Product version:
1.0.1.23

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Amonetize Downloader (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\iminentsetup_fr.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/21/2012 4:00:00 PM

Valid to:
2/21/2013 3:59:59 PM

Subject:
CN=Shetef Solutions & Consulting (1998) Ltd., O=Shetef Solutions & Consulting (1998) Ltd., L=Rannana, S=N/A, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
40812DA0F7CB2ECD4955FD76E0A6C493

File PE Metadata
Compilation timestamp:
2/24/2012 11:21:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:Q4yYQjxW5R/FG2Hy3ljrkStA4QTQk+VQWI973:Q4SxO/EfjHA4IQ91I9L

Entry address:
0x3814

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 1C, C7, 44, 24, 10, 70, 8A, 40, 00, 89, 5C, 24, 18, C6, 44, 24, 14, 20, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 80, 40, 00, 53, FF, 15, A4, 82, 40, 00, 6A, 08, A3, 58, 89, 44, 00, E8, FA, 28, 00, 00, 53, 68, 60, 01, 00, 00, A3, 68, 88, 44, 00, 8D, 44, 24, 3C, 50, 53, 68, 1F, 8B, 40, 00, FF, 15, 70, 81, 40, 00, 68, 14, 8B, 40, 00, 68, 60, 48, 44, 00, E8, 24, 26, 00, 00, FF, 15, AC, 80, 40, 00, 50, BF, 50, 10, 47, 00, 57, E8, 12, 26...
 

Entropy:
7.9945

Packer / compiler:
Nullsoft install system v2.x

Code size:
27 KB (27,648 bytes)

The file IminentSetup_fr.exe has been seen being distributed by the following URL.
