home

spuad0.exe

Reimage Repair

Reimage Limited

The application spuad0.exe, “Reimage Downloader” by Reimage Limited has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from cdnrep.reimage.com and multiple other hosts.
Publisher:
Reimage®  (signed by Reimage Limited)

Product:
Reimage Repair

Description:
Reimage Downloader

Version:
1.511

MD5:
456143d79ba160c83ba40c1bfb9961b9

SHA-1:
618e91e63db4da9847d59c754732a54ed6fad956

SHA-256:
6ac30c814967196ff6e28353faf5dea6f74eb55727c0a9efc2030a265b26a318

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/23/2024 9:10:52 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Dr.Web
Trojan.Crossrider1.1621
9.0.1.055

ESET NOD32
Win32/ReImageRepair.E potentially unwanted (variant)
9.11226

G Data
Win32.Application.ReImageRepair
15.2.25

Reason Heuristics
PUP.Optional.Reimage
15.2.24.11

File size:
766.5 KB (784,872 bytes)

Product version:
1.511

Copyright:
© Reimage 2014

Trademarks:
Reimage

Original file name:
ReimageRepair.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\spuad0.exe

Digital Signature
Signed by:
Reimage Limited

Authority:
VeriSign, Inc.

Valid from:
3/18/2014 8:00:00 PM

Valid to:
6/9/2016 7:59:59 PM

Subject:
CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3F75B6FA72B8CDE336A61550C70978D2

File PE Metadata
Compilation timestamp:
2/24/2012 2:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:30gbX/XZyOEMcv73RT7E9Yzewxnl9+pqNTO0gcCre50ET3cfE/KyZ2welOq8P:EwgOEVbhE0pnl/X0EwfE/P28P

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 
[+]

Entropy:
7.9093

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file spuad0.exe has been seen being distributed by the following 7 URLs.

http://cdnrep.reimage.com/download/.../ReimageRepair.exe

http://ads.adsrvmedia.net/event/click/0/8YsArW4jlCE-dM3_7q20hwHCwJMawe0_DvJdGRfrTxigneidZ5-8WXp-nkDzAsKutieKkj9YM5_qiP-TdpKasOdyIIde8iq5zfMj0k8oQf2spn0UTPxQH547p5ZVo06zSF9-9LQmuc4xdzJqlhfkNl2x9I3-ZE0m-TSvYBUk1lmTjTJ_eZ0RqFIklvHElaA3xS2znHnB5uGQYpWXosmtnLfPphvQj7wiIQabliJph36n4_Bzjy9CN6twcFHZHqsEWlAvQ0WJn0JbQ0sNgZN6pCdMv3dd6LRmQMlvcaZ5FYDnVyPwt6uz4Umnxha5UwLY4LEFv2-jwrJO7lvpRhH0RMBELPY4z-ioq_ZHXiM4bFpLDEP8JWcgY_QSVlHUBRT0l1vCg9ep2h2r0wOrBgjMgzi0ifZBx9S4qJi4r2nWDYS8ee1lg9uFUVKQdjgi/.../

http://cdnrep.reimage.com/.../ReimageRepair.exe

http://www.reimageplus.com/.../track.php?tracking=Mari-con&campaign=37453274&adgroup=direct&ads_name=direct&keyword=direct&exec=run&context=nvmGAYrsoV6Z7alQAgrah4FgLUaCBDM2uJsr5Td64FVFZ8qxXHA9t7Ik4grbFPqJuAj9vs-KqIFGNhz9BixZcKP6dDq7Po2Z6dQWr4sWryIZnwno-BzmD8RssENwWsKi0YtBAgZtExjE9nI0E23a9accgHVeYtK248ENiIOqiVT6t2o7DhCDzbNW4sFWDWkMIb2DllX1AJH1HAcS9SmEVVTJXjNUPwAB5TtdnMgwU7I1NA-J-d9c2QGsfEEoqxppTy9Dkrbw5EeW6CHnvA582FOmwwKrnz6p6L_XMjU6Dir5jiRgH0VnHfPd4AOorNqXgDnRPpT-WfWCMkYIKekgSQFpRaW5RraX-J0PrPgLd411f7j2VwSlTJA3Yp5_mL6y_4HA5bIs2ELiLvBKQ088rhiQ9_o8nHBNmQETMXSE0h_7DbZQtg

http://www.reimageplus.com/.../router_land.php?tracking=Mari-con&banner=37453274&context=nvmGAYrsoV6Z7alQAgrah4FgLUaCBDM2uJsr5Td64FVFZ8qxXHA9t7Ik4grbFPqJuAj9vs-KqIFGNhz9BixZcKP6dDq7Po2Z6dQWr4sWryIZnwno-BzmD8RssENwWsKi0YtBAgZtExjE9nI0E23a9accgHVeYtK248ENiIOqiVT6t2o7DhCDzbNW4sFWDWkMIb2DllX1AJH1HAcS9SmEVVTJXjNUPwAB5TtdnMgwU7I1NA-J-d9c2QGsfEEoqxppTy9Dkrbw5EeW6CHnvA582FOmwwKrnz6p6L_XMjU6Dir5jiRgH0VnHfPd4AOorNqXgDnRPpT-WfWCMkYIKekgSQFpRaW5RraX-J0PrPgLd411f7j2VwSlTJA3Yp5_mL6y_4HA5bIs2ELiLvBKQ088rhiQ9_o8nHBNmQETMXSE0h_7DbZQtg&lpx=sys&exec=run

http://ads.adsrvmedia.net/event/click/0/nvmGAYrsoV6Z7alQAgrah4FgLUaCBDM2uJsr5Td64FVFZ8qxXHA9t7Ik4grbFPqJuAj9vs-KqIFGNhz9BixZcKP6dDq7Po2Z6dQWr4sWryIZnwno-BzmD8RssENwWsKi0YtBAgZtExjE9nI0E23a9accgHVeYtK248ENiIOqiVT6t2o7DhCDzbNW4sFWDWkMIb2DllX1AJH1HAcS9SmEVVTJXjNUPwAB5TtdnMgwU7I1NA-J-d9c2QGsfEEoqxppTy9Dkrbw5EeW6CHnvA582FOmwwKrnz6p6L_XMjU6Dir5jiRgH0VnHfPd4AOorNqXgDnRPpT-WfWCMkYIKekgSQFpRaW5RraX-J0PrPgLd411f7j2VwSlTJA3Yp5_mL6y_4HA5bIs2ELiLvBKQ088rhiQ9_o8nHBNmQETMXSE0h_7DbZQtg/.../

http://cdnrep.reimage.com/install/.../ReimageRepair.exe

Remove spuad0.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.