» protectorpackage2007x64a.exe
Overview
Analysis
File Details
Downloads (1)

protectorpackage2007x64a.exe

Reimage Protector Package

Reimage Limited

The application protectorpackage2007x64a.exe by Reimage Limited has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. The file has been seen being downloaded from hwcdn.reimage.com.

File name:

Publisher:

Reimage® (signed by Reimage Limited)

Product:

Reimage Protector Package

Version:

2.007

MD5:

bc2a6c999c0874081131bd38405924e3

SHA-1:

20b0d01b3a7f95a3bbf8ebf9d21929014354199c

SHA-256:

d9f52278224cfd38d65e83fce36721226a779a89ef45e8cf46a2c97bbd082b5e

Scanner detections:

5 / 68

Status:

Potentially unwanted

Explanation:

Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:

4/26/2024 1:26:51 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Plugin.171

9.0.1.015

IKARUS anti.virus

AdWare.Plugin

t3scan.1.8.6.0

Qihoo 360 Security

Malware.QVM06.Gen

1.0.0.1015

Reason Heuristics

PUP.Optional.ReimageLimited.Y

15.1.15.15

Vba32 AntiVirus

AdWare.MSIL.OutBrowse

3.12.26.3

File size:

15.7 MB (16,508,360 bytes)

Product version:

2.007

Original file name:

ProtectorPackage.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\fdf3poiu\protectorpackage2007x64a.exe

Digital Signature

Signed by:

Reimage Limited

Authority:

VeriSign, Inc.

Valid from:

3/18/2014 5:00:00 PM

Valid to:

6/9/2016 4:59:59 PM

Subject:

CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

3F75B6FA72B8CDE336A61550C70978D2

File PE Metadata

Compilation timestamp:

2/24/2012 11:20:04 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

393216:WN+LY643TS/1uWmDRHndz4hIwMh3aEionewLl3LZXTWZI6Wf0A:M+Li3TS/uDRHdz4ywMtaEioNLG4J

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Entropy:

7.9967

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

The file protectorpackage2007x64a.exe has been seen being distributed by the following URL.

http://hwcdn.reimage.com/.../ProtectorPackage2007x64a.exe

Remove protectorpackage2007x64a.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.