iminenttoolbar.exe

Montiera Technologies LTD

iminenttoolbar.exe is part of the Montiera web browser toolbar monetization platform, which injects search and advertising into the user's web browser. The application, published by Montiera Technologies, has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from vzapp.iminent.com.

Publisher:
iminent  (signed by Montiera Technologies LTD)

Product:
iminent

Version:
1.8.26.8

MD5:
755c00921a3ebfddd16abb30d1e9e4be

SHA-1:
4682531361adcf423207ca2ce917cadcb4d5c344

SHA-256:
4a71314c45c733f6a52d07be173e11ec2d4c7c5e230f69a77bda38c2753a59fd

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
4/26/2024 2:13:31 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | MalSign.Skodna | 2014.0.3620 |
| Bkav FE | W32.Clodeb0.Trojan | 1.3.0.4613 |
| Dr.Web | Adware.Downware.1466 | 9.0.1.0354 |
| ESET NOD32 | Win32/Toolbar.Montiera | 7.9181 |
| Malwarebytes | PUP.Optional.Iminent.A | v2013.12.20.07 |
| Reason Heuristics | PUP.MontieraTechnologies.O | 14.3.1.10 |
| Trend Micro House Call | TROJ_GEN.F47V1027 | 7.2.354 |
| Vba32 AntiVirus | AdWare.DelBar | 3.12.24.3 |
| VIPRE Antivirus | Montiera | 24450 |

File size:
2.2 MB (2,292,488 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\iminenttoolbar.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/26/2013 2:00:00 AM

Valid to:
6/27/2014 1:59:59 AM

Subject:
CN=Montiera Technologies LTD, O=Montiera Technologies LTD, STREET="18, Amammi st", L=Even Yehuda, S=Hasharon, PostalCode=40500, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3E6A02DA5FCBA17D267CD5B0DBC10A17

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:ZLDJ2FDIIDnd2PAdsLsIs60JcNlTIlfRBNMf05Bj:mIIDndOkAs60SFIDByM5Bj

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file iminenttoolbar.exe has been seen being distributed by the following URL.
