iminentuninstall.exe4444be

InstallerDlg

Iminent Technology SRL

This is the SIEN AppScion Installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file iminentuninstall.exe4444be by Iminent Technology SRL has been detected as a potentially unwanted program by 26 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from b2c-descargas.s3.amazonaws.com. While running, it connects to the Internet address 123-125-232-198.static.unitasglobal.net on port 80 using the HTTP protocol.
Publisher:
I.M.I.N.E.N.T  (signed by Iminent Technology SRL)

Product:
InstallerDlg

Version:
8.8.3.3

MD5:
a51bd9b77af61861d990531f5d015310

SHA-1:
b324831fbaf9a7c63347f293fed46ce04a0432ab

SHA-256:
3898bb877e14fc7d25f08094c0daacc59df231310fbc14939b1d1c3a3638f9ed

Scanner detections:
26 / 68

Status:
Potentially unwanted

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/2/2024 1:13:19 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Generic.1262617 | 532 |
| Agnitum Outpost | PUA.Toolbar.Iminent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Iminent | 2015.05.30 |
| Avira AntiVirus | ADWARE/Iminent.Gen | 8.3.1.6 |
| Arcabit | Adware.Generic.D134419 | 1.0.0.425 |
| avast! | Win32:Evo-gen [Susp] | 2014.9-150821 |
| AVG | Generic | 2016.0.3010 |
| Baidu Antivirus | PUA.Win32.Iminent | 4.0.3.15821 |
| Bitdefender | Adware.Generic.1262617 | 1.0.20.1165 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Iminent.48, Adware.Downware.9850 | 9.0.1.0233 |
| Emsisoft Anti-Malware | Adware.Generic.1262617 | 8.15.08.21.01 |
| ESET NOD32 | Win32/Toolbar.Iminent.K potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/Iminent | 8/21/2015 |
| F-Secure | Adware.Generic.1262617 | 11.2015-21-08_6 |
| G Data | Adware.Generic.1262617 | 15.8.25 |
| herdProtect (fuzzy) | | 2015.10.10.2 |
| IKARUS anti.virus | PUA.Toolbar.Iminent | t3scan.1.9.2.0 |
| K7 AntiVirus | Adware | 13.207.16831 |
| Malwarebytes | PUP.Optional.Iminent.A | v2015.08.21.01 |
| McAfee | Artemis!A51BD9B77AF6 | 5600.6666 |
| MicroWorld eScan | Adware.Generic.1262617 | 16.0.0.699 |
| Panda Antivirus | PUP/IminentToolbar | 15.08.21.01 |
| Reason Heuristics | PUP.Sien.IminentTechnology.Bundler (M) | 15.8.21.13 |
| Rising Antivirus | PE:Trojan.Win32.Generic.18C0515B!415256923 | 23.00.65.15819 |
| VIPRE Antivirus | Threat.4150696 | 40552 |

File size:
662.6 KB (678,552 bytes)

Product version:
8.8.3.3

Copyright:
S.I.E.N.

Original file name:
InstallerDlg.exe

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\iminentuninstall.exe4444be

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/27/2015 3:57:08 PM

Valid to:
1/28/2016 3:57:08 PM

Subject:
CN=Iminent Technology SRL, O=Iminent Technology SRL, L=Bucuresti, C=RO

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121CF423BE77B3AE7537B1BCE9F96A3C3E5

File PE Metadata
Compilation timestamp:
2/18/2015 6:45:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:jg1s9aiFcJUqCUGcJG+Ckc5gdIcQUIrNfkbEV5hs2t0Q+0Yf3vecaFYtrLJUE:81s9qJt6cJaid7M5cbWf+FvveNFYtrdh

Entry address:
0x3C0EC

Entry point:
E8, 21, 84, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, F0, B9, 47, 00, 75, 02, F3, C3, E9, 5C, 22, 00, 00, 55, 8B, EC, 56, 8B, 75, 14, 85, F6, 75, 04, 33, C0, EB, 6D, 8B, 45, 08, 85, C0, 75, 13, E8, AB, 35, 00, 00, 6A, 16, 5E, 89, 30, E8, C7, 8A, 00, 00, 8B, C6, EB, 53, 57, 8B, 7D, 10, 85, FF, 74, 14, 39, 75, 0C, 72, 0F, 56, 57, 50, E8, ED, 8A, 00, 00, 83, C4, 0C, 33, C0, EB, 36, FF, 75, 0C, 6A, 00, 50, E8, 1B, 2B, 00, 00, 83, C4, 0C, 85, FF, 75, 09, E8, 6A, 35, 00, 00, 6A, 16, EB, 0C, 39, 75, 0C, 73, 13, E8, 5C...

Code size:
373.5 KB (382,464 bytes)

The file iminentuninstall.exe4444be has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 123-125-232-198.static.unitasglobal.net  (198.232.125.123:80)
