setup_362.exe

IMALI – N.I. MEDIA LTD

The application setup_362.exe by IMALI – N.I. MEDIA has been detected as adware by 25 anti-malware scanners. The file has been seen being downloaded from 113.171.224.175 and multiple other hosts.
Publisher:
IMALI – N.I. MEDIA LTD  (signed and verified)

MD5:
45bc08ea804a1ba70819de4447fbbb49

SHA-1:
7082db7a516d3fba2a14b6b6aff2cd6064187f7d

SHA-256:
29d434f7c2a3fcb779b32aba6504ddf64475c1eb2b1c545a2f9eae900a507662

Scanner detections:
25 / 68

Status:
Adware

Analysis date:
4/26/2024 6:35:58 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.179625 | 683
Agnitum Outpost | PUA.Imali | 7.1.1
AhnLab V3 Security | PUP/Win32.Imali | 2015.03.31
Avira AntiVirus | ADWARE/Adware.Gen7 | 3.6.1.96
avast! | Win32:Adware-gen [Adw] | 2014.9-150401
AVG | Generic | 2016.0.3161
Bitdefender | Gen:Variant.Adware.Graftor.179625 | 1.0.20.415
Clam AntiVirus | Win.Adware.Agent-41601 | 0.98/21511
Dr.Web | Adware.Downware.10517 | 9.0.1.091
Emsisoft Anti-Malware | Gen:Variant.Graftor.179625 | 8.15.03.24.07
ESET NOD32 | Win32/Adware.Imali (variant) | 9.11367
F-Prot | W32/S-a1c3fe71 | v6.4.7.1.166
F-Secure | Gen:Variant.Graftor.179625 | 11.2015-24-03_3
G Data | Gen:Variant.Graftor.179625 | 15.3.25
herdProtect (fuzzy) | | 2015.6.29.4
K7 AntiVirus | Adware | 13.203.15739
Kaspersky | Trojan-Downloader.Win32.Genome | 14.0.0.2298
McAfee | RDN/Downloader.a!vg | 5600.6720
MicroWorld eScan | Gen:Variant.Adware.Graftor.179625 | 16.0.0.249
NANO AntiVirus | Riskware.Win32.Downware.dpqfgl | 0.30.24.1357
Panda Antivirus | Trj/Genetic.gen | 15.04.01.12
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Installer.IMALI | 15.3.24.7
VIPRE Antivirus | Threat.4150696 | 38552
Zillya! Antivirus | Adware.Imali.Win32.27 | 2.0.0.2157

File size:
516.3 KB (528,688 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\lh7yvamp\setup_362.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
12/29/2014 6:24:00 AM

Valid to:
12/30/2015 6:24:00 AM

Subject:
E=contact@imalimedia.net, CN=IMALI – N.I. MEDIA LTD, O=IMALI – N.I. MEDIA LTD, L=Ramat Gan, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215FB4642CA96492ED635B137D682A42C4

File PE Metadata
Compilation timestamp:
3/23/2015 11:58:13 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Xb/DZOjM4etT8qNjtmX0JbSZjvLaJQMaPr2:Xnd7tmXCSZjvLaJ8Pr2

Entry address:
0x16376

Entry point:
E8, 20, 6B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 04, 95, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, C8, 90, 42, 00, C9, C2, 08, 00, FF, 35, D4, 57, 45, 00, FF, 15, A0, 90, 42, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, BA, 63, 00, 00, 6A, 01, 6A, 00, E8, D3, 2E, 00, 00, 83, C4, 0C, E9, 98, 2E, 00, 00...
 
Entropy:
5.6357

Code size:
158 KB (161,792 bytes)

The file setup_362.exe has been seen being distributed by the following 2 URLs.

http://113.171.224.175/.../setup_362.exe
