imagedownload.exe

GOLDBAR VENTURES LTD

The application imagedownload.exe by GOLDBAR VENTURES has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program ImageDownload by GoldBar Ventures LTD which is a potentially unwanted software program.
Publisher:
GOLDBAR VENTURES LTD  (signed and verified)

MD5:
66109753ff1731b97f701aa0b1b13627

SHA-1:
f2494a4a46a0ea717e7f8738feb4972937253218

SHA-256:
30a2edf70371c3d44a32344f5e657fd5331725e42a8526e4359e1cba78e76bea

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/27/2024 10:36:08 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.GOLDBARVENTURES.N
14.4.2.14

File size:
278.4 KB (285,112 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\imagedownload\imagedownload.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2013 5:00:00 PM

Valid to:
5/8/2014 4:59:59 PM

Subject:
CN=GOLDBAR VENTURES LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GOLDBAR VENTURES LTD, L=Afula, S=Northern, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
74F63A1ACAFBEBBF1E2B6E345C7472B9

File PE Metadata
Compilation timestamp:
2/12/2014 3:34:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:GLDOwa4YEeY0C3sZu3jS/AYIleIJAOPwZd3pQRVkJ8j8Qtj8Q1j8QGRWbT:YOwKq0C3sZgjSIS7x3f8BtB1BGgH

Entry address:
0x3580

Entry point:
55, 8B, EC, E8, 48, 76, 00, 00, E8, 03, 00, 00, 00, 5D, C3, CC, 55, 8B, EC, 6A, FE, 68, 50, 76, 42, 00, 68, C0, 8C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, E0, 53, 56, 57, A1, D4, 96, 42, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, E0, 00, 00, 00, 00, E8, 81, 79, 00, 00, 66, 89, 45, E4, 6A, 02, E8, 26, 75, 00, 00, 83, C4, 04, E8, 3E, 01, 00, 00, 89, 45, D4, E8, 86, 69, 00, 00, 85, C0, 75, 0A, 6A, 1C, E8, BB, 01, 00, 00, 83, C4, 04, E8, 43, 64, 00, 00, 85, C0, 75...
 
[+]

Entropy:
5.7413

Developed / compiled with:
Microsoft Visual C++

Code size:
113 KB (115,712 bytes)

The file imagedownload.exe has been discovered within the following program.

ImageDownload  by GoldBar Ventures LTD
ImageDownload injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.
goldbarventures.com
68% remove it
 
Powered by Should I Remove It?

Remove imagedownload.exe - Powered by Reason Core Security