» uniprotectorpackage.exe
Overview
Analysis
File Details
Downloads (1)

uniprotectorpackage.exe

Reimage Protector Package

Reimage Limited

The application uniprotectorpackage.exe by Reimage Limited has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This will display context specific advertisements in the browser as well as attempt to modify the browser's search provider. The file has been seen being downloaded from cdnrep.reimage.com.

File name:

Publisher:

Reimage® (signed by Reimage Limited)

Product:

Reimage Protector Package

Version:

2.004

MD5:

af4df02494d08b542b4344f0d92fa816

SHA-1:

ece8ba56770be5efa49df809ce4cfaed14ed38ce

SHA-256:

855fe4f7f2d7990d583b6b383c8f05fcb0827f1ef9879f5680097b9dfe673d82

Scanner detections:

7 / 68

Status:

Potentially unwanted

Explanation:

The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:

4/24/2024 3:53:17 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Plugin.171

9.0.1.0210

ESET NOD32

Win32/Toolbar.Babylon

8.10171

F-Prot

W32/A-951144e2

v6.4.7.1.166

McAfee

Artemis!AF4DF02494D0

5600.7054

Reason Heuristics

PUP.Optional.ReimageLimited.T

14.9.12.17

Rising Antivirus

NS:PUF.SilenceInstaller!1.9DDF

23.00.65.14727

Trend Micro House Call

Suspicious_GEN.F47V0729

7.2.210

File size:

12.8 MB (13,382,536 bytes)

Product version:

2.004

Original file name:

ProtectorPackage.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\windows\temp\uniprotectorpackage.exe

Digital Signature

Signed by:

Reimage Limited

Authority:

VeriSign, Inc.

Valid from:

3/19/2014 7:00:00 AM

Valid to:

6/10/2016 6:59:59 AM

Subject:

CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3F75B6FA72B8CDE336A61550C70978D2

File PE Metadata

Compilation timestamp:

2/25/2012 2:20:04 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

393216:yT+LY64zeGL/zNr/1Ks2okLykV1I6Xp00fzLzjwt:i+LizrLbNr/z4L5XT0uo

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Entropy:

7.9975

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

The file uniprotectorpackage.exe has been seen being distributed by the following URL.

http://cdnrep.reimage.com/.../ProtectorPackage2004x64.exe

Remove uniprotectorpackage.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.