gimp.exe

Useful Software

This is the Verti bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may install them with minimal consent. The application gimp.exe by Useful Software has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from inst.greatappsfree.net and multiple other hosts.
Publisher:
Useful Software (signed and verified)

Version:
1.0.0.6

MD5:
4e3a2cd8522072041d4ae065545337d9

SHA-1:
d80842c175f3da703a54b185724381bda5fd0ac0

SHA-256:
e6655666338f23b1b29bd1b166618a65d0d9dfdf6ce259d0ac4eb9f9b13fcbba

Scanner detections:
8 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 2:07:11 PM UTC

Scan engine             | Detection                  | Engine version
------------------------|----------------------------|---------------
AVG                     | Usefus                     | 2015.0.3408
Dr.Web                  | Adware.Downware.4150       | 9.0.1.0200
ESET NOD32              | Win32/Verti (variant)      | 8.9899
Fortinet FortiGate      | Riskware/Verti             | 7/19/2014
McAfee                  | Artemis!4E3A2CD85220       | 5600.7064
Reason Heuristics       | PUP.UsefulSoftware.E       | 14.7.19.23
Trend Micro House Call  | TROJ_GEN.F47V0523          | 7.2.200
VIPRE Antivirus         | Rocketfuel Installer       | 29982

File size:
340.9 KB (349,128 bytes)

Product version:
1.0.0.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\gimp.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/14/2014 1:00:00 PM

Valid to:
12/17/2014 12:59:59 PM

Subject:
CN=Useful Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Useful Software, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7DB9B4E338BDCF4F909F675C098B0E76

File PE Metadata
Compilation timestamp:
5/23/2014 6:54:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:UCilri4EyDkgx5Hf2+LXqruUG081E7LUzZAK/CqoA5p6v2qAPzBoL/xsTkKFW4xw:YrzXqruUGf2nUzZA+CqoA5p6v2qAPzBO

Entry address:
0x21F35

Entry point:
E8, 86, A5, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 38, AB, 44, 00, E8, 55, 2C, 00, 00, 6A, 0E, E8, C6, 9E, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 14, F7, 44, 00, BA, 10, F7, 44, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, A7, B4, FF, FF, 59, FF, 76, 04, E8, 9E, B4, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 44, 2C, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 92, 9D, 00, 00, 59, C3, CC, 8B, 54, 24, 04, 8B...
Entropy:
6.5010

Code size:
211 KB (216,064 bytes)

The file gimp.exe has been seen being distributed by the following 3 URLs.