iminentuninstall.exe1a6022

Installer

SIEN S.A.

This is the SIEN AppScion Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file iminentuninstall.exe1a6022 by SIEN S.A. has been detected as a potentially unwanted program by 17 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. It is typically executed from the user's temporary directory. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
I.M.I.N.E.N.T  (signed by SIEN S.A.)

Product:
Installer

Description:
IMInstaller

Version:
7.46.2.1

MD5:
c4ebd7cbdf793b330e3217fcccee8dbe

SHA-1:
e6cb214184e6a53bd4bb43a68fea2bdcc8eff8b8

SHA-256:
933e17e37eb95ed1479b27c98b008a16a7d2e7cfe024630c1c6e8722df33e9a3

Scanner detections:
17 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 8:54:08 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Toolbar.Iminent | 7.1.1 |
| Avira AntiVirus | Adware/Iminent.AB | 7.11.192.138 |
| Baidu Antivirus | Adware.Win32.Iminent | 4.0.3.15130 |
| Comodo Security | ApplicUnwnt | 20275 |
| ESET NOD32 | Win32/Toolbar.Iminent (variant) | 9.10822 |
| Qihoo 360 Security | Win32/Virus.Adware.1ef | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.Sien | 15.1.30.14 |
| Sophos | Generic PUA OG | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1202 | 7.2.30 |
| VIPRE Antivirus | Iminent | 35394 |

File size:
886.2 KB (907,488 bytes)

Product version:
7.46.2.1

Copyright:
(c)I.M.I.N.E.N.T SA All rights reserved.

Original file name:
Installer.exe

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\iminentuninstall.exe1a6022

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/12/2014 9:20:39 AM

Valid to:
5/13/2015 9:20:39 AM

Subject:
E=support@sien.com, CN=SIEN S.A., O=SIEN S.A., L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D12A06D1B366EFC0AF40F74B7D6BFEFE

File PE Metadata
Compilation timestamp:
11/28/2014 3:54:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:Xdv7fZoesg0LbKnuD/OApUJLMp+xtzfc1+747pdvecFMY/Bz:tv7f+bg0LQc24UJvI+747bveiMY5

Entry address:
0x50AFD

Entry point:
E8, D0, 86, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 50, CC, 49, 00, 75, 02, F3, C3, E9, 92, 24, 00, 00, 56, 6A, 04, 6A, 20, E8, D2, 8B, 00, 00, 59, 59, 8B, F0, 56, FF, 15, 40, 82, 47, 00, A3, C0, 35, 4A, 00, A3, BC, 35, 4A, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 0C, 68, 58, 28, 49, 00, E8, FF, 3F, 00, 00, E8, 69, 3E, 00, 00, 83, 65, FC, 00, FF, 75, 08, E8, 23, 00, 00, 00, 59, 8B, F0, 89, 75, E4, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 8B, C6, E8, 1A, 40, 00, 00, C3, 8B...
 

Entropy:
6.1241

Code size:
473 KB (484,352 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
