home

setupimgburn_2.5.8.0.exe

ImgBurn

Software Association LLC

The application setupimgburn_2.5.8.0.exe by Software Association has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from imgburn.1800download.com and multiple other hosts.
Publisher:
Software Association LLC  (signed and verified)

Product:
ImgBurn

Version:
1.0.0.0

MD5:
0d38139d83344d0bd9f27c1196a82349

SHA-1:
882d11b91d29c6c75740f4aea8d74c03016da7de

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
8/14/2025 4:53:37 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AVG
OpenCandy
2016.0.3141

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.15412

Clam AntiVirus
Win.Trojan.Agent-855157
0.98/21511

Dr.Web
Adware.Downware.9759
9.0.1.0102

ESET NOD32
Win32/OpenCandy.C potentially unsafe (variant)
9.11462

G Data
Win32.Adware.OpenCandy
15.4.25

K7 AntiVirus
Trojan
13.202.15567

Malwarebytes
PUP.Optional.OpenCandy
v2015.04.12.06

McAfee
Artemis!0D38139D8334
5600.6797

Qihoo 360 Security
HEUR/QVM42.0.Malware.Gen
1.0.0.1015

Trend Micro House Call
Suspicious_GEN.F47V0331
7.2.102

File size:
415.6 KB (425,536 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:
Software Association LLC

Authority:
DigiCert Inc

Valid from:
1/13/2015 3:00:00 AM

Valid to:
1/21/2016 3:00:00 PM

Subject:
CN=Software Association LLC, O=Software Association LLC, L=Dnepropetrovsk, S=Dnipropetrovs'ka Oblast', C=UA

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E1FC80B1C57AD69AA6F8D65D1CF90CF

File PE Metadata
Compilation timestamp:
5/20/2013 3:53:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:OiuRIDzx4T95BOoGLYg76rMezlJZ+ZFAS3B:KRIvQ5BOoGM6eMezljkj

Entry address:
0x331C

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, A8, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file setupimgburn_2.5.8.0.exe has been seen being distributed by the following 8 URLs.

http://imgburn.1800download.com/get_azure_file/wUiS4WnYccXAwj 1RrjxCgghkkVxZmbzR1 xcteQv A8/yOn9np5iNEIJ1Xlar74OHeuyxdSMWmeW7DzCr50ybpq1sefBR6avCX7BlS04S tgKzbr9HT0mlNq4dlyxUbFiO1AWd/lccr SP9XmaeSbcfwsbhPSVTMfpyc0lGdu2rRHE8csnENEJ/2/OhUHg3c8b41 cnWDbm5g NjvQvDpG3YsCtamNXnMu/F/tg2w8eroL8h0r5fKE2nSisEZkEspKpSDrjsZWaiE91I/.../hgiwyYgMRj7qRQfwqYi9nls3NTHOumAG3t3BOz8=

http://imgburn.1800download.com/get_azure_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjylEBv0aNTUteh152f0sDcx2dBNJ0DtevylYSfjhxdKOSCGHeO1Tuprl wi1s3eDQ b7S37CVT8 3G8geeS943KmjpBoJ07wF9DVHy1Xmc21J94t264BnGSA7ZbwtW4amBVLftsPRNMOaz9RCMmLNzFZREghrPnFjQuO4/w2/9xSnux8VDOlu1tFpn esGkfTEFi9O2XuMnlQ8U74rvhhvyaqBnwXX6Vt1Wrc25R3P70MTU32xZOuExAMZjVn09tfyvAxp/.../rFEuq94jvhAUjNGDGum8Q2t3BOz8=

http://imgburn.1800download.com/get_azure_file/wUiS4WnYccXEwj 8WvauHEA0kxQ8PDK1Ghv3cteQv A8/yan9np5ktEPJUykYr32LSb0gA0aZ3GHQuOmHLc/xrxnwcOdDE b/CXqSh jqnD8gfPbvNvalGdMpYc7wF9AXmT4SSx 18ku9Dm9Az3NH/.../JjQeg9O2XuMjlQ9MsN vyBqmfKE2nS sEZYEutWwAHPruYOTnj4rJLxHT5ZrYCN2ounkFxhlhATTgpkBU1W8UX 24cSLxREgIHrauHRBlYzBOz8=

http://imgburn.1800download.com/get_azure_file/wUiS4WnYccXBwj pXP7oQlssmV89fDKkEgq0OYjBvqA862/soGp3z9wKP0ykYr32LSb0gA0aZ3GHQuOmHLc/y7lkxsKcDE b yXqWh r7Wm0yP/TqtPK8jYP5NVJ3gIwETT5ZTxrkd0h4CvkDyvMUrcfwsHrJWFYNO1nbQoEcKX0XGh9e8vcLVgojaHuAHJ8O8WugKRwTDWouRnFm/V Xc/qIofsMWNXnMu/.../tg2w8eroL8h0r5fKE2nS sEZYEutWwAHPruYOTnj4rJLxBT5Ziem0o8 igFwgm10jkiJoHASeiDA75sdq9kx0ufXjHsngV39vBOz8=

http://jdcdn2com.blob.core.windows.net/fas/wi/18/34/1/.../SetupImgBurn_2.5.8.0.exe

http://imgburn.1800download.com/get_azure_file/.../zq9sGMxwdwEPwC Nu jeDCuyxdSMWmeQrDzCr50ybtq1sWZFQfS9SvyHhCu5C6tgLbbrN3SgwAe5dBw ggVJjPlVFF3isY39jX6RDbRFa5Xi83iPSVBMe0gJFsFNaXlVHh6fMnKNBBhhqDkGDRxIcayjbx8SyvmoFGMlvhmFsvgJ5DrLS9O1IK3G M2ylVVtMqon1OhZKtxlSShB89V5s6wAHPquYPQw3gybPVJRo4vOH0hounkFxhrnFL0xdYHGS3rFAzhqNnuxAU3fSuQqmFN19jbOz8=

http://imgburn.1800download.com/get_azure_file/wUiS4WnYccXBwj sXP7oQkEsnl0kPTqiHB/2cteQv c8/zOn/j1gwJgEL0Ptetipezb8uQkPQCbORYalBrApy6dg2pPVUh6avCX BlSh5yfr3rfDpZrSkmlZo5Y1kV4BXnWtGGcswNEivSH4UHGaRK5Xi83gNz0VPOBxb0Reeuq1Cmh0O8TJLAl70fa2V2R7ao6x2 8/HDb5oFGMlvhmFtXkLpbxKDJO1IK3HuM23ERB/.../kSa0Vocdt4XuUXKwuZCUmCQoYbZDRIw2enUguvDnRE5zhVW61NdWEi7jFAawqZju1UthLHmHsmsez9jBOz8=

http://imgburn.1800download.com/get_azure_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjylEBnzZNjXtOh152H0sD4rl44cJgTtar/2LRDphBEYSz7baazlRto13bx zNidGVnZqj3zT0z1smngyOfa7dPfm3EM Mtk3BIBRn3kAD1/hoVwqjnxGWmfSq5eysLlMDMVY/.../GLVgojqv2VmI3c8b40OcnD3ux8VDJlu06W87pJYC8ZDJW3MuvH ohjRZW54v3nxihOrh 1CalCd1c7MWpSDrjsJuCw3V0db0AT4Y3K3wnounkFxthhATkjp4ET32oQ0 vsZGnzQgvLCuZ7zhRn4fBOz8=

Remove setupimgburn_2.5.8.0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.