imagedownload.exe

GOLDBAR VENTURES LTD

The application imagedownload.exe by GOLDBAR VENTURES has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program ImageDownload by GoldBar Ventures LTD, which is a potentially unwanted software program.
Publisher:
GOLDBAR VENTURES LTD  (signed and verified)

MD5:
66109753ff1731b97f701aa0b1b13627

SHA-1:
f2494a4a46a0ea717e7f8738feb4972937253218

SHA-256:
30a2edf70371c3d44a32344f5e657fd5331725e42a8526e4359e1cba78e76bea

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/24/2024 6:29:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.GOLDBARVENTURES.N

Engine version:
14.4.2.14

File size:
278.4 KB (285,112 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\imagedownload\imagedownload.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/7/2013 5:00:00 PM

Valid to:
5/8/2014 4:59:59 PM

Subject:
CN=GOLDBAR VENTURES LTD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=GOLDBAR VENTURES LTD, L=Afula, S=Northern, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
74F63A1ACAFBEBBF1E2B6E345C7472B9

File PE Metadata
Compilation timestamp:
2/12/2014 3:34:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:GLDOwa4YEeY0C3sZu3jS/AYIleIJAOPwZd3pQRVkJ8j8Qtj8Q1j8QGRWbT:YOwKq0C3sZgjSIS7x3f8BtB1BGgH

Entry address:
0x3580

Entry point:
55, 8B, EC, E8, 48, 76, 00, 00, E8, 03, 00, 00, 00, 5D, C3, CC, 55, 8B, EC, 6A, FE, 68, 50, 76, 42, 00, 68, C0, 8C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, E0, 53, 56, 57, A1, D4, 96, 42, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, E0, 00, 00, 00, 00, E8, 81, 79, 00, 00, 66, 89, 45, E4, 6A, 02, E8, 26, 75, 00, 00, 83, C4, 04, E8, 3E, 01, 00, 00, 89, 45, D4, E8, 86, 69, 00, 00, 85, C0, 75, 0A, 6A, 1C, E8, BB, 01, 00, 00, 83, C4, 04, E8, 43, 64, 00, 00, 85, C0, 75...
 

Entropy:
5.7413

Developed / compiled with:
Microsoft Visual C++

Code size:
113 KB (115,712 bytes)

The file imagedownload.exe has been discovered within the following program.

ImageDownload by GoldBar Ventures LTD
ImageDownload injects advertising in the user's Internet browser by running as an extension and/or add-on. Ads are delivered in the form of search-related ads, banner and video ads, and text-links (roll-overs) as well as some popup ads.
goldbarventures.com
68% remove it
 
Powered by Should I Remove It?
