home

ReimageRepair.exe

Reimage Repair

Reimage Limited

The application ReimageRepair.exe, “Reimage Downloader” by Reimage Limited has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from ads.adk2.com and multiple other hosts.
Publisher:
Reimage®  (signed by Reimage Limited)

Product:
Reimage Repair

Description:
Reimage Downloader

Version:
1.297

MD5:
da444e4e572cde6f73825e1e8206e466

SHA-1:
81657355b9306f36bac0de8a60d85c0584259bec

SHA-256:
4d5d8541920ee33b7a276ee87f9281e13d989fcf91fe457809ad5562736b3be9

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
5/10/2024 11:19:32 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Dr.Web
Adware.Plugin.171
9.0.1.0245

G Data
Win32.Application.VMDetect
14.9.24

Reason Heuristics
PUP.Optional.ReimageLimited.N
14.9.12.17

File size:
833.9 KB (853,960 bytes)

Product version:
1.297

Copyright:
© Reimage 2014

Original file name:
ReimageRepair.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\reimagerepair.exe

Digital Signature
Signed by:
Reimage Limited

Authority:
VeriSign, Inc.

Valid from:
3/19/2014 1:00:00 AM

Valid to:
6/10/2016 1:59:59 AM

Subject:
CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3F75B6FA72B8CDE336A61550C70978D2

File PE Metadata
Compilation timestamp:
2/24/2012 8:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:O0gN2F3PmlXwbTE9YzewxnK3RTo9+pqNTO0gcCre50ET3cfE/KyU/yDEwelOq8:Ju2ZP6XwbTE0pnmq/X0EwfE/C6D88

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file ReimageRepair.exe has been seen being distributed by the following 41 URLs.

http://ads.adk2.com/event/click/0/WWC8hIrIGzeq5G_XlefGAlMfvaMi9LSh-Lu3pALoK0zCGKM8kYZNArtFDNwvbvxhqzJGvtrxQ6AboDk64owmyrn0ZKlW5z0tCpk-p_yD5tCTS1092QJuP4grdHO0SSCVG3I-PlwSHC-Oj55LuM7uf3tpEIQKw2ezCAgYvc9Cei-aGxbO8AWgw6W120L9FyhrF1Mrn-3ASU1viF4N-DSwE3Fvu2Q30gHrGTjSmJhnA15Jsz5MlgAevQR4oHt2K9D7x3JWdB-oOjRo8rEpEYzC3fqV1B0qjBTarE9IzFkxAz-RHvCFCzmIRbOCeiY0_GEcdeOFLz7DFboGrLUuW3zGuNbkENU_at7ykVEaPZbAipxIM_BywlN0RjtfOcxhGtPjf4F9xqGpr3VgQx3jYyh4W6rLzuxMkpslpum_k3NKNbS8Ss7XVynEsvR4VV894AepAf5VqMG9FgcjS-3O/.../

http://fixmyerror.reimage.revenuewire.net/.../download?Windows Code 43

http://ox-d.majorgeeks.com/w/.../rc?ts=1fHJpZD1kNzM0YTFhZC1mZGZmLTRhMzYtOGRiYy0xYWJkYmFjNmQyNDR8cnQ9MTQxMjE2OTM0MXxhdWlkPTExMTYwfGF1bT1ETUlELldFQnxzc2lkPTI0MDB8c2lkPTU1MXxwdWI9MTU4NXxwYz1VU0R8cmFpZD0yNDA5ZDJjYi0xMWNlLTRhYTYtYTg5ZC05MTliNTI1NzIyOTV8YWlkPTUzNzE2OTEzNXx0PTF8YXM9MzM2eDI4MHxsaWQ9NTM2OTA2MDkzfG9pZD03MzYyNnxwPTIwMDB8cHI9MjAwMHxhZHY9NDU5MXxhYz1VU0R8cG09UFJJQ0lORy5DUE18Ym09QlVZSU5HLk5PTkdVQVJBTlRFRUR8bGM9Mnxsdz0xNDQwfHVyPWhqUmJMQ3FFVmE

http://ads.adsrvmedia.net/event/click/0/qv3-QBF34Vmh8L0_WO6G6Tsw1GvwYqTN7LlM1a_kDoSuH7rjtuOeoe0pFeC8N3lS7HrZqnWtHwe5zFvlOAlI1E9d7D2668AVhEwpZcGIoCUg6Km3tOqUbuQsPjooFC6ZBgmwCBb9PlEnugRXb51Pi7AAyzs7iAZYB3KJAsXHBtJ-Ym7J5CO6ZMXW57Tua0bF4XbP7QkNEFWRTne8kpck5KbWTQOMSdOop_zv13M9QBOGVaJWejoD-aPmCxRnBYSu1mlJiVpBs8eVcULj2xXLZr_2eGkwLVGITImoKAPtKoY4d9BxUO9e5MBMuWDCup5Hanmwc-6nnU8CniIEAWPSMpFHv9qhqqYokSqBllA4Vt5353pffxqKfnUNK87j9g98JTDSxWcFCDVIxlZcY_5Zn1MacOwB3LjEzzYbw8yjq244I5f7JxzKF8T4vspv/.../

http://clickus.admailtiser.com/st?cipid=418040&ttype=1&dast=Ym89NCZjaXBpZD00MTgwNDAmY2lzaWQ9RTc2QkQ2QUVDRDI1NjUxMzAxMDQyNTImY2lyaWQ9RTc2QkQ2QUVDRDI1NjUyMjI3NzA2MDU0JnNsaWQ9MzU4JnN1YmlkPTIxODQwOCZjaXVpZD0yOTkxNjk4NjkwMTk4Mjg5OTQzJnNvPTQmY3JpZD0xNDc5ODQ4JmV4Y2lkPTIyJm1tdD0tMSZjbnRyeT0yOSZjaWNtcD0xNTE3OTgmcHViaWQ9MzM4&position=${POS}&ciecp=${DTYPE}&cirp=${LAG}&compid=${COMPID}&cmcv=${CMCV}&cipp=${PRICE}&excid=22&cisid=E76BD6AECD25652227706054&pixels=31221760&pix=31221760&tgt=http://.../TrafficCop.aspx?CampaignUid=59e19b4a4c56c5bf&SourceId=773&CreativeId=1479848&adgroup=1479848&LineItemId=151798&PublisherId=338&SiteID=1353645003529687731&banner=1353645003529687731&partner_var=Ym89NCZjaXBpZD00MTgwNDAmY2lzaWQ9RTc2QkQ2QUVDRDI1NjUxMzAxMDQyNTImY2lyaWQ9RTc2QkQ2QUVDRDI1NjUyMjI3NzA2MDU0JnNsaWQ9MzU4JnN1YmlkPTIxODQwOCZjaXVpZD0yOTkxNjk4NjkwMTk4Mjg5OTQzJnNvPTQmY3JpZD0xNDc5ODQ4JmV4Y2lkPTIyJm1tdD0tMSZjbnRyeT0yOSZjaWNtcD0xNTE3OTgmcHViaWQ9MzM4

http://ads.adk2.com/event/click/0/lnfSWEb8wr9Cs5xMVgN2vBM0yVHTbCF9CHxriehPz7tM-95Uf8lOog0mwxJZv3VZhLRxQ5PnWkzPMGBSu2YyiURAs8LFrxHsAZNT4NPe99BlbeBNv7uxmLN_AL5gBxSY4gSm7TGpkFeWZHEucVIbcG5b5xyeICKqfHS5svWQuxPPIU3cfBtWA2OnnnumKGyWzyeNP_28rJbFUBoQZQdvqo4Rqd5MkQz0EyZBJWG8FVnjz-L4HSi4oXZhQ7lHgUQ36H4tju9FQomUGku0VhctWdrT7pIDzuAedlPPdltYhWJcA_hpY-NNXvM-At2thFDgTVLJeYv8FyzxYQTCxINoKPsSy3JSMSb7ZYV5kyO3XvSHbSw5AqEf5LaOGyGO8AwzCinNDTxmA1bZwR64ZDNLnzdCDLrcBmwrXIXUznp6T9-n4nH0veDYSQCXhwaLNy0Q8N9P/.../

http://www.reimageplus.com/.../router_land.php?tracking=Mari-con&banner=40921455&context=vNA5SwKfshZJHwtpPKSzNw-MNqHAUljo1Qk9FXQ5r3IuolS3fQkA0rIkCTfayXZ3aSHntygCWAolPw0JTeJtg4eiqW3hoW3r332ZW7j4NLitZThvf81zQqESb10hSYN6Ede5NhXZ5AD6_Gn6foEuB_3fAfo7lqwkntQtEPSpkSujXDLhsFkEzjuJ66DtWJEavxSWE8miASql82Jetce6r2n1ndx5pbBj1GOEb49CzDg0y9oM1bRR95ZcMx2gmpQYgZPGQvOz4jd8WNC_FdK0TXU7-8cBEp346yH0m4vn2iUfa2P9y9xoGGNz88teScFLZ2ESXLTSA_ll2QcJ1IIdIslwxPO_TycQbBE1YZ6XAYIcqegdZtNd4g05pHHZF9EWKSf4yQGFDQKxWPSRGs9Xf0SxeaSdXcIAGytE8t_YHQUshGpWb2vM-QBETxY06P3D2GdPi8kdt7Cw3J2FSsAB&lpx=sys&exec=run

http://ads.adk2.com/event/click/0/c8K1OY1IA7bqRChBAhpyKJD-sKGULy1xY0zgX_2KE4zVjYzF1A44V2eVVP568oxWKyR0AYWnmA8pWMQGhYOB9puQBXqoluJUiTSttG5you9MIi_oThfVAa-OVHiNR4YbCgbbGESMV2H9HKizk94EiP7B_4FXRrzDLMSt6r1STXCR_8zL3z5xB12m7UWp6STfUXlUAzt0ESMfE0XeBbGmxBhNpP_-O5Sd3fD7JKNLrAbYmnp2Dl7WCRrs5KsiLMZzS7UaFxum9gmhE9tV0n1Is-1G8dML4Q1byXzNidkSH-RX7_7CxN3ry_QHR03jnqy36Xqa8bus-84EDvzaA9er-0_Q6U-sGl9T2hP4WS2a6hCM-lGM8aq5NPojkZTgwOCho09v-9Mf7n5X-HjkGfxWi7VshvRfmzuHTJetL7ml1eZ9T14_BeDExWAqeLh7BXL1vab0ccxb8q_lzE8/.../

http://ads.adsrvmedia.net/event/click/0/Y1ka4mLWDuzutFegGHCEoB9I_-uYAdTKD33vpqjXnEpAwy_73vAVypm9DEJqF5ptR2M2DLvzF6xBoNQ7uBbRxgcCK3LY3TaNmYoNUsU0xXKXK5tR_VbPFWY_OUc2_Oba5HWgynBngVLNKnzAv6vwSOr-p_4w_-UBjo9n2CXEsVjhP-R2h83lDqlZA6ZvSosE1MgSMRgBYRAEsdlAgDgteoNZXvTJPd8qbC9P7alK1Lf026u7uzAAyEUcVXyftvKTXmEzwWnDuKxCGN9SXZAek7bBUJwwF1Ded2E-WZcLePn554YZjV1mz3hm-ggvQ6CO9YCT1LIepNioIaHFisd5OfZWtfN23uUoZY5GVd6ahmMJBaP10vnEXTwXIOd8DtAkhJsC430W763brNEl3p6wA9aT_khkk9CHdx8Y/.../

http://ads.adk2.com/event/click/0/2gnfcIPKatk8EZU-YkFqsptktT3gV9CdeiGzQjl6L-qFFABvGpi7wxa9clXJ--m802LTQGsL4EDPne2mj2disjPNkbH_a8DyUqlIaLisjJomrA2InN_5keGJ5K462yaV_5_uBc94NHNHpKRpXoYOZhw84m6pvFh7fVts9y-CDbs24jwQELwxqKakFzz0QKPci9_LTsxBm-nVVWk_Ofhq-9xy0sy7AvtGslmCo0omUWRFhU9VjQHtdPc7inlPlCF_TtAIMNv3pxeNQajhv6y_v6eJp8MHH-T0My8PKQXnkb5lGXeFq66vKUVxA39rSSmFk1PmcBkYlAkFyTepMlvobnGhUzXtHl8JccNpq5wdJJiEPcP_Kb7sEmqnmU1olD5s98e27AE9xn25gMkRHgM7ciRVwpvQ6jHvd97pW0k/.../

http://ads.adk2.com/event/click/0/nVssjtQERFcyvA44i5TJabI3QlOD9c5Bw0SyiR2FlwHm3_nltp5J6i-3S4Q4BVB0hRkh4BNTvrISvmBP4ZVhxYmYxQgGej4KSCxg6rkb4F_SwPxS5s8SxUyd456Xk-ZXrdBG7K6tfYVIU4HEtor7oe9hwyLvvtyZZQfIr9iUCaTMmnN4VN06mUzedoPxROXvrXIHP4bmFeWprKOF3wRnFRbFjZ1vWJSWxRu92VFn0mzt172LuMq-cUL8CSF_kV_PnYZmx_4_8MYI18cuUe5oJUYPRqvXbkcSUlOZIxa6_huYrk5_9Thid8B4Qmo3O0JKW6upbv8tQKpHMdzTD2S6zUEkuo4rk7wdDzSOoLk0oVaWxXfmO7f-brjp_FnZM5zTWnBzWmG_abftU04tRe8UuLfP8sUOtYieS0lWgeg4rjCYbitIhwSZNzYkLDLGXS0ryfw/.../

http://ads.adk2.com/event/click/0/MoRUzx856-vbeOl_BU0EV60idoBqMhEZm7w7TcdVnWhO_Qa-_IuO7TX0pkGF6yY73x8Kx0X7ANdHX7cOAMptRX5YvMhzKEg0C7lUIUcfarLFTnQ9rVJWUqWC51UeN3d97k7NUpn5rd0u1XYvzquwz5h6wSsAvSF7J7FAFeM0zdq4PH02xBhtQBGWcgiNQKQu8m9nKMrhEuHk1zmYpZAjUIX19fe1tmCncvl4oaPGLoFRnYPNt-HbJTbHg42sxeAqL0gWVFQiL8VSlxV6qpbVZq1tFx0QLEgoXfpcjhFj_ObT4zUffYPBG47mwX7JAfySMuPsHh2SRbEO_hgE3k9x2891cqBMkRcPC8V-MaizcN8-YbakqfI1eSo9QmPmcQtRDqv1dkmxdAVs8blrvDiS9O9GfTwkfADIkTo-s2P4/.../

https://secure-lax.adnxs.com/click?pYQqBO_9EUBBUAXbUD8MQBfZzvdT4wRA0BMOFSvOI0Awwd0n0DopQHWmijLeZzF0MKcX1_e1FmYPUQxUAAAAAF9nMwAQCgAAdgIAAAIAAAD99NwAvmMHAAAAAQBVU0QAVVNEANgCWgBbnAAAhb8AAgUAAQIAAJQAsCMlBwAAAAA./cnd=!OQe8RAjF67UCEP3p8wYYvscdIAA./referrer=https://ib.adnxs.com/tt?id=3368799/clickenc=http://www.reimageplus.com/.../router_land.php?tracking=Mari&banner=APN&adgroup=3368799&context=lax1CLDO3rj9vq2LZhACGPXMqpTj-9mYdCIOOTguMjM4LjExMS4yNDkoATCPorGgBQ..&exec=run

http://www.reimageplus.com/.../router_land.php?tracking=Mari-con&banner=40921455&context=qXp1Fr1Kqf7ktXaAdoLn_c1AJuQGUE2fjWNxLq_d29zofXl0cVEdOlS6qsMIp-RlAf-73igdjoBiqsLMui4yJbRga-4Y9gpgrPggr4K7OffW4KRMSZ8zExxKdgD48WIcxjiy2deBcYdgfkV414LF3hnJzQsm--wTtqWt4YW21_OtCdH1JwiCLIULZzhymUB0pJFLIaW76f-iAz6sfuLw6502A3Rz7Vamr3cmG1BDbrxY4EycM72nNT9sTqPhNgWRAzkx29LJO3yfzRhCGyCSwHWffuNvDyWyWOMsob_9AG5MSG1oHEn_RwZaGDCZFil1k9H--DHym5xL4B9F8Jvy8EU6YfyNBTMCYi0blbekcyioleYQEu4HCuDjdbDOmlk_Tz-DBJqiqvY98C3fSX5WEIiHBy1MwxnQOT9ZA5ZyZvzZeXObMZlOaHvTiyR_mfSuKiO17y2HMWZuiCPIIla3i6wrKTPBq-c&lpx=sys&exec=run

http://ads.adk2.com/event/click/0/Pj0gMHRm1eJGQlf4jDJMvn5-qV8VZ9XW_Cz6dxZsENXFmaewOl3BuBbc4mRSwOBjq4vU-LRhgI-RJh1uDOivw0R1eFCyxoYEH_tu1bTrfBqmFjSPwf8WL0ThJg3w4O4moYqw85ueFraB9Lsw6nUESOnYhnEVncrnQrsbYCw98p7rjBTej5YnNxzH5yxd1YF8ul-H5LThGDB2Xvfk-pW1JjBu-F7KRDSjPh2bnHWCrmWhtj6cIG0s2_Vt1whBi8bAK8rsojxh1uZdLOmQNysMQFA9vHOCzhFld57axPPg43K1r0Wg6zYaSHPK8hW9z7h51LezXwuRENziMsr4arm8_AuNXrAbkhGW-GHdkmSK2waT_uczcMfKdHKAkhTYXaARKRGLq84QTOTfZmVkAWEk8L6h5f5Hz_VPmV5Ff8o-mKLbjpM/.../

http://cdnrep.reimage.com/.../ReimageRepair.exe

http://8cf208563b0ab61a9c8b1bcc24487e1d776e.d0452219.id.opendns.com/cdnrep.reimage.com/download/.../ReimageRepair.exe

http://www.reimageplus.com/.../track.php?tracking=PiyushSites&campaign=reimage.us.com&adgroup=direct&ads_name=direct&keyword=direct&exec=run

http://www.reimageplus.com/.../router_land.php?tracking=PiyushSites&banner=reimage.us.com&exec=run

http://www.reimage.com/.../router_land.php?tracking=PiyushSites&banner=reimage.us.com&exec=run

q=http://www.reimage.com/.../router_land.php?tracking=PiyushSites&banner=reimage.us.com&exec=run&redir_token=AZ-MOSQazlFPJ6CP7n_3ehuxzS98MTQxMTc3MDE3NUAxNDExNjgzNzc1

http://cdnrep.reimage.com/download/.../ReimageRepair.exe

http://www.reimageplus.com/.../track.php?tracking=PCW_new&campaign=mail_aug14&adgroup=blast2&ads_name=direct&keyword=direct&exec=run

http://www.reimageplus.com/.../router_land.php?tracking=PCW_new&banner=mail_aug14&adgroup=blast2&exec=run

http://atglyris7.idgcomm.com/t/17199/1017855/2962/.../

http://www.reimageplus.com/.../track.php?tracking=revenuewire&campaign=direct&adgroup=direct&ads_name=direct&keyword=direct&exec=run

http://www.reimageplus.com/.../router_land.php?tracking=revenuewire&exec=run

http://rcpreimg.reimage.safecart.com/.../download

http://rcpreimg.reimage.revenuewire.net/.../download

http://pcsecuritynews.paretologic.com/c.html?ufl=a&rtr=on&s=lj8w,yop5,y6,habi,2jeg,ebd9,m9e6

Latest 30 of 41 download URLs

Remove ReimageRepair.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.