iminentsetup.exe

Installer

SIEN S.A.

This is the SIEN AppScion Installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application iminentsetup.exe by SIEN S.A. has been detected as a potentially unwanted program by 13 anti-malware scanners. The program is a setup application that uses the SIEN SuperInstall installer. It is typically executed from the user's temporary directory. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
I.M.I.N.E.N.T  (signed by SIEN S.A.)

Product:
Installer

Description:
IMInstaller

Version:
9.44.1.1

MD5:
97ff305761eaa75e83aa0deaae971baa

SHA-1:
7d54be264410b1eee9abf3671565d28685ac704e

SHA-256:
8e42d5745bebe03a9cb88c2ee9c06495ddbea799ce29985532763ad2c1f6cb2f

Scanner detections:
13 / 68

Status:
Potentially unwanted

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
5/20/2024 7:37:41 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Toolbar.Iminent | 7.1.1 |
| Avira AntiVirus | Adware/Iminent.AB | 7.11.194.128 |
| AVG | Generic_r | 2015.0.3253 |
| Baidu Antivirus | Adware.Win32.Iminent | 4.0.3.14112 |
| ESET NOD32 | Win32/Toolbar.Iminent (variant) | 8.10643 |
| Fortinet FortiGate | Riskware/Iminent | 12/21/2014 |
| IKARUS anti.virus | PUA.Toolbar.Iminent | t3scan.1.8.5.0 |
| McAfee | Artemis!BD749E3B1E5E | 5600.6909 |
| Qihoo 360 Security | Win32/Virus.Adware.1ef | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.SIENSA.M | 14.11.2.14 |
| Sophos | Generic PUA PA | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1201 | 7.2.355 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35632 |

File size:
886.6 KB (907,896 bytes)

Product version:
9.44.1.1

Copyright:
(c)I.M.I.N.E.N.T SA All rights reserved.

Original file name:
Installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
SIEN SuperInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\iminentsetup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/12/2014 5:20:39 AM

Valid to:
5/13/2015 5:20:39 AM

Subject:
E=support@sien.com, CN=SIEN S.A., O=SIEN S.A., L=Paris, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D12A06D1B366EFC0AF40F74B7D6BFEFE

File PE Metadata
Compilation timestamp:
10/27/2014 12:30:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:lXvKG+1tNAcwjOxKeZ1JdZqsSCU08o+y6Z8OvecFM47/0Bns:tvKhDAcEOEeZ1qpy+FZPveiM47Ins

Entry address:
0x50D3B

Entry point:
E8, D2, 86, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 50, CC, 49, 00, 75, 02, F3, C3, E9, 94, 24, 00, 00, 56, 6A, 04, 6A, 20, E8, D4, 8B, 00, 00, 59, 59, 8B, F0, 56, FF, 15, 40, 82, 47, 00, A3, A0, 35, 4A, 00, A3, 9C, 35, 4A, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 0C, 68, E0, 27, 49, 00, E8, 01, 40, 00, 00, E8, 6B, 3E, 00, 00, 83, 65, FC, 00, FF, 75, 08, E8, 23, 00, 00, 00, 59, 8B, F0, 89, 75, E4, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 8B, C6, E8, 1C, 40, 00, 00, C3, 8B...
 

Code size:
474 KB (485,376 bytes)

The file iminentsetup.exe has been seen being distributed by the following 5 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
