» impress_setup.exe
Overview
Analysis
File Details

impress_setup.exe

TODO:

iBryte

This adware bundler is distributed through Adknowledge's advertising supported software managers. The application impress_setup.exe, “OpenOffice ” by iBryte has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Adknowledge Fusion installer.

File name:

impress_setup.exe

Publisher:

iBryte (signed and verified)

Product:

TODO: <Product name>

Description:

OpenOffice

Version:

1.0.0.1

MD5:

d475a02dd24c29a27bc74d5252fce277

SHA-1:

f18093fd2a1206834985cc02a5b3ec23b9882dcf

SHA-256:

cf9b0061566798e85a6fdf689a880bb657fb267e7e6ef34c28380c6f0ea1ab5e

Scanner detections:

1 / 68

Status:

Adware

Explanation:

This installer bundles various adware prorgams that may include toolbars and web browser advertising injectors/extensions.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/27/2024 3:22:40 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Adknowledge.iBryte.Bundler (M)

16.1.6.22

File size:

667.7 KB (683,696 bytes)

Product version:

1.0.0.1

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Adknowledge Fusion

Language:

English (United States)

Common path:

C:\users\{user}\downloads\impress_setup.exe

Digital Signature

Signed by:

iBryte

Authority:

VeriSign, Inc.

Valid from:

6/17/2010 1:00:00 AM

Valid to:

6/17/2012 12:59:59 AM

Subject:

CN=iBryte, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=iBryte, L=New Castle County, S=Delaware, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5B2B3E2D634718E9BD4D41725481BAF3

File PE Metadata

Compilation timestamp:

4/13/2011 4:39:52 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:EWPyAK/cm3EpCJvPbQRr7JYNjnRPGfULG8hVPWzaoliqpWEG:/jK/XVvPbQRXJYNVPkULGqPWzvSEG

Entry address:

0x5EF0A

Entry point:

E8, BC, E9, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 8B, 4D, 08, 53, 8B, 5D, 0C, 56, 57, 33, FF, 89, 4D, F8, 89, 5D, FC, 39, 7D, 10, 74, 21, 39, 7D, 14, 74, 1C, 3B, CF, 75, 1F, E8, 13, 09, 00, 00, 57, 57, 57, 57, C7, 00, 16, 00, 00, 00, 57, E8, 9E, D6, FF, FF, 83, C4, 14, 33, C0, 5F, 5E, 5B, C9, C3, 8B, 75, 18, 3B, F7, 74, 0D, 83, C8, FF, 33, D2, F7, 75, 10, 39, 45, 14, 76, 21, 83, FB, FF, 74, 0B, 53, 57, 51, E8, E5, CB, FF, FF, 83, C4, 0C, 3B, F7, 74, B9, 83, C8, FF, 33, D2, F7, 75, 10... 
[+]

Entropy:

6.4054

Code size:

498.5 KB (510,464 bytes)

Remove impress_setup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.