SweetIM.exe

MacroGaming SweetIM

Imvent LTD.

The application SweetIM.exe, “SweetIM Instant Messenger Enhancer” by Imvent, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SweetIM’.

Publisher:
MacroGaming LTD.  (signed by Imvent LTD.)

Product:
MacroGaming SweetIM

Description:
SweetIM Instant Messenger Enhancer

Version:
2, 1, 0, 18

MD5:
afb76275d1fa7cf5df7c28c564859e6d

SHA-1:
be2fde1991ae6ce921c0e64ac1c033e726983b50

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 10:35:57 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
16.5.14.12

File size:
100.1 KB (102,512 bytes)

Product version:
2.1.0.18

Copyright:
Copyright © 2007 Macrogaming LTD.

Original file name:
SweetIM.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\macrogaming\sweetim\sweetim.exe

Digital Signature
Signed by:

Authority:
GeoTrust Inc

Valid from:
8/4/2006 7:33:55 AM

Valid to:
8/4/2007 7:33:55 AM

Subject:
CN=Imvent LTD., OU=GeoTrust Code Signing, OU=R&D, O=Imvent LTD., L=Raanana, S=Israel, C=IL

Issuer:
CN=GeoTrust TrustCenter CodeSigning CA I, O=GeoTrust Inc, OU=GeoTrust TrustCenter CodeSigning CA, C=US

Serial number:
00E78E00010020941DEDAB3E72E378

File PE Metadata
Compilation timestamp:
7/25/2007 2:34:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
1536:xki9QyNBI1sa9byvfY/+5jOe1g4Bufq3K4/TqE4tOUTytsJfD3ToiQ4B8:eiWCzvfk+5ye1g40S3K4bqf+mrly

Entry address:
0x7D98

Entry point:
6A, 74, 68, 08, 97, 40, 00, E8, 48, 02, 00, 00, 33, DB, 89, 5D, E0, 53, 8B, 3D, 20, 90, 40, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 2C, 91, 40, 00, 59, 83, 0D, FC, D1, 40, 00, FF, 83...
 

Entropy:
5.9520

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
32 KB (32,768 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SweetIM

Command:
C:\Program Files\macrogaming\sweetim\sweetim.exe

