IMAPP.EXE

IncrediMail

Perion Network Ltd.

The executable IMAPP.EXE, “IncrediMail Tray Application” by Perion Network, has been flagged as a potentially unwanted program by 1 anti-malware scanner. While running, it connects to the Internet address s2.incredimail.com on port 80 using HTTP.

Publisher:
IncrediMail, Ltd.  (signed by Perion Network Ltd.)

Product:
IncrediMail

Description:
IncrediMail Tray Application

Version:
6, 6, 0, 5273

MD5:
137fb519efaa187e3d8136ddb15a2447

SHA-1:
36174e275623f80b6b32e3e51db6426fa3cd9dd1

SHA-256:
4aaec0aa2a5110174fe20d943fd823e8dc07a874c711e1dfe8d6afc28c9c8457

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/27/2024 5:08:39 AM UTC

Scan engine:
Boost by Reason

Detection:
Adware.PerionNetwork.F

Engine version:
2013.7.26.21

File size:
290.4 KB (297,384 bytes)

Product version:
6, 6, 0, 5273

Copyright:
Copyright © 2002 IncrediMail, Ltd.

Original file name:
IMAPP.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\incredimail\bin\imapp.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/24/2012 2:00:00 AM

Valid to:
4/24/2015 1:59:59 AM

Subject:
CN=Perion Network Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Perion Network Ltd., L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
45F87694FE8D1984719796AEC8031DF4

File PE Metadata
Compilation timestamp:
7/18/2013 7:59:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:/At0U+mWvvguJFEvEt1bPmdh7VKEkIIgvgJlSoDfacdgu2sQu/OFNOfT9zkKotZC:YtDYt1Tmh7VKEeSDYD/OHee0VOQywS6

Entry address:
0x20534

Code size:
148 KB (151,552 bytes)

The executing file has been seen to make the following network communications in live environments.
