ReimageRepair.exe

Reimage Repair

Reimage Limited

The application ReimageRepair.exe, “Reimage Downloader” by Reimage Limited, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from ads.adk2.com and multiple other hosts.

Publisher:
Reimage®  (signed by Reimage Limited)

Product:
Reimage Repair

Description:
Reimage Downloader

Version:
1.297

MD5:
da444e4e572cde6f73825e1e8206e466

SHA-1:
81657355b9306f36bac0de8a60d85c0584259bec

SHA-256:
4d5d8541920ee33b7a276ee87f9281e13d989fcf91fe457809ad5562736b3be9

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/6/2021 1:16:35 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.Plugin.171 | 9.0.1.0245 |
| G Data | Win32.Application.VMDetect | 14.9.24 |
| Reason Heuristics | PUP.Optional.ReimageLimited.N | 14.9.12.17 |

File size:
833.9 KB (853,960 bytes)

Product version:
1.297

Copyright:
© Reimage 2014

Original file name:
ReimageRepair.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\reimagerepair.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/19/2014 1:00:00 AM

Valid to:
6/10/2016 1:59:59 AM

Subject:
CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3F75B6FA72B8CDE336A61550C70978D2

File PE Metadata
Compilation timestamp:
2/24/2012 8:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:O0gN2F3PmlXwbTE9YzewxnK3RTo9+pqNTO0gcCre50ET3cfE/KyU/yDEwelOq8:Ju2ZP6XwbTE0pnmq/X0EwfE/C6D88

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file ReimageRepair.exe has been seen being distributed by the following 41 URLs.
