home

rei_supportinfotool.exe

IMALI - N.I. MEDIA TD

The application rei_supportinfotool.exe by IMALI - N.I. MEDIA TD has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
IMALI - N.I. MEDIA TD  (signed and verified)

MD5:
8a5c5f7178aeceb5c5421957402002aa

SHA-1:
012662308853605fa0b2ed312b896116939201ed

SHA-256:
7cc8952a06448d03831ef2da63304b8815381aa71c06469b3959d3f16dc1eac1

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/17/2024 4:25:23 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.IMALI (M)
16.9.20.6

File size:
6.5 MB (6,816,096 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\winfix\winfix pro\rei_supportinfotool.exe

Digital Signature
Signed by:
IMALI - N.I. MEDIA TD

Authority:
DigiCert Inc

Valid from:
12/13/2014 10:00:00 PM

Valid to:
12/16/2015 10:00:00 AM

Subject:
CN=IMALI - N.I. MEDIA TD, O=IMALI - N.I. MEDIA TD, L=tel aviv, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
017B4EC01F594ADE73E421BB2CDD9FE2

File PE Metadata
Compilation timestamp:
5/17/2015 12:31:05 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
49152:oGeZ2MVQ3dMUt5nN0//LadoqfcMbqbJKxLr6H4vR8+pPGMDHfqNI+Ou1wNP+gz7S:F35EL2jqgIkqNiu1K1L0EWvU1idYlRs

Entry address:
0x36174C

Entry point:
48, 83, EC, 28, E8, FF, D9, 00, 00, 48, 83, C4, 28, E9, 76, FE, FF, FF, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 57, 48, 83, EC, 40, 48, 8B, F1, 48, 8B, FA, 48, 8D, 48, D8, 49, 8B, D0, E8, 72, ED, FF, FF, 33, ED, 48, 85, F6, 75, 2D, E8, 2E, 52, 00, 00, C7, 00, 16, 00, 00, 00, E8, CB, 93, 00, 00, 40, 38, 6C, 24, 38, 74, 0C, 48, 8B, 44, 24, 30, 83, A0, C8, 00, 00, 00, FD, B8, FF, FF, FF, 7F, E9, 93, 00, 00, 00, 48, 85, FF, 74, CE, 48, 8B, 44, 24, 20, 39, 68, 14, 75, 3A, 48, 2B, F7...
 
[+]

Code size:
3.8 MB (3,988,992 bytes)

Remove rei_supportinfotool.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.