» protectorpackage2000.exe
Overview
Analysis
File Details
Downloads (1)

protectorpackage2000.exe

Reimage Protector Package

Reimage Limited

The application protectorpackage2000.exe by Reimage Limited has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from cdnrep.reimage.com.

File name:

Publisher:

Reimage® (signed by Reimage Limited)

Product:

Reimage Protector Package

Version:

2.000

MD5:

616c2bd8ffde844138457cf499696413

SHA-1:

0797c9d9cf263a17fa6fedb5c5c40e7a2c3c7085

Scanner detections:

5 / 68

Status:

Potentially unwanted

Explanation:

The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:

4/26/2024 1:42:01 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Plugin.171

9.0.1.0186

ESET NOD32

Win32/Toolbar.Babylon

8.10027

Reason Heuristics

PUP.Optional.ReimageLimited.U

14.9.12.17

Rising Antivirus

NS:PUF.SilenceInstaller!1.9DDF

23.00.65.14703

Trend Micro House Call

Suspicious_GEN.F47V0629

7.2.186

File size:

11.5 MB (12,051,488 bytes)

Product version:

2.000

Original file name:

ProtectorPackage.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\protectorpackage2000.exe

Digital Signature

Signed by:

Reimage Limited

Authority:

VeriSign, Inc.

Valid from:

3/19/2014 1:00:00 AM

Valid to:

6/10/2016 12:59:59 AM

Subject:

CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3F75B6FA72B8CDE336A61550C70978D2

File PE Metadata

Compilation timestamp:

2/24/2012 8:20:04 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

196608:ET+LYGJ4zZUJGL/quRN2jh0r/1MMMc1L2JH1V47O/HxZ+iNgweNZWx5AmACNs4vy:ET+LY64zeGL/zNr/1nKJHM7OfiienzC6

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

The file protectorpackage2000.exe has been seen being distributed by the following URL.

http://cdnrep.reimage.com/.../ProtectorPackage2000.exe

Remove protectorpackage2000.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.