ReimageExpress.exe

Reimage Express

Reimage Limited

The application ReimageExpress.exe, “Reimage Express Downloader” by Reimage Limited, has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider.
Publisher:
Reimage®  (signed by Reimage Limited)

Product:
Reimage Express

Description:
Reimage Express Downloader

Version:
1.006

MD5:
c441a6fc5c19fc85e60229f51b8e4f92

SHA-1:
d7c139020d17d3b0978b6eab053bd48c828c3935

SHA-256:
31d688f8eef5f2a0d2bd3de72b311662126a184294f3b882a9e168d39316edee

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
4/18/2024 10:34:04 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Threat.Undefined | 9.0.1.033
ESET NOD32 | Win32/Toolbar.Babylon | 10.9702
McAfee | Artemis!B469F794D320 | 5600.6501
NANO AntiVirus | Riskware.Nsis.Babylon.cwhyhv | 0.28.0.59288
Reason Heuristics | Win32.Generic | 16.2.2.18
Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.16131

File size:
272.7 KB (279,216 bytes)

Product version:
1.006

Copyright:
© Reimage 2012

Original file name:
ReimageExpress.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\reimageexpress.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/10/2012 8:00:00 PM

Valid to:
5/3/2014 7:59:59 PM

Subject:
CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
08242D065B8CE1035215AAA943CF9166

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:ge34OASXjrSKqqmoRrky9jBajHPTDX+kq:/Rr5oo5xB2g

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.7096

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
