imgburnv2570.exe

ImgBurn v2.5.7.0

AfterDawn

The application imgburnv2570.exe, “ImgBurn v2.5.7.0 Setup” by AfterDawn has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from stub.inst.avg.com and multiple other hosts.
Publisher:
Afterdawn.com  (signed by AfterDawn)

Product:
ImgBurn v2.5.7.0

Description:
ImgBurn v2.5.7.0 Setup

Version:
1,18,0,2810

MD5:
9afad37456089ea0611fdeea35a11c0b

SHA-1:
8a60c2aa2906a53dbfe3a5583a95f3961c437fd5

SHA-256:
d066af13223f3e9db2da865006f1171acbd55e7ac85dfc61fcbdf1d339a24dd0

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Includes Open Install, an installer which bundles legitimate programs with offers for additional 3rd-party applications that may be unwanted by the user.

Analysis date:
11/24/2024 3:02:08 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Adware.Downware.1348
9.0.1.05190

ESET NOD32
Win32/OpenInstall potentially unwanted application
7.0.302.0

K7 AntiVirus
Unwanted-Program
13.188.14484

Reason Heuristics
PUP.Installer.AfterDawn.M
14.12.29.10

Sophos
PUA 'Open Install'
5.09

Trend Micro House Call
HV_A0OCZOJ_BK083E49.TOMC
7.2.363

File size:
361.6 KB (370,248 bytes)

Product version:
1,18,0,2810

Copyright:
Copyright © 2012

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\imgburnv2570.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/12/2013 2:00:00 AM

Valid to:
2/13/2015 1:59:59 AM

Subject:
CN=AfterDawn, O=AfterDawn, STREET=Temmeksentie 3, L=Oulu, S=Oulu, PostalCode=90400, C=FI

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6C8E492A1BE6BBF1BED872D138C21345

File PE Metadata
Compilation timestamp:
8/14/2012 4:05:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:gIl12U1csNzbGkVQoM4cMQwzwvKHHNcvhpFA6HNKMPpQpvGImVQxk2:gIl12U1hPq2AwzwyHHWv3FA6HN7PcO1g

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 18, 04, 00, 00, 53, 56, 57, BE, A4, 30, 40, 00, 8D, BD, E8, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F6, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E8, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, F0, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, F2, FD, FF, FF, F3, AB, 66, AB, 8D, 85, F0, FD, FF, FF, 50, 8D, 85, E8, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, E8, 0F, 01, 00, 00, 84, C0, 59, 59, 74, 15, 8D, 75, F8, 8D, BD, F0, FD, FF, FF...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file imgburnv2570.exe has been seen being distributed by the following 3 URLs.

Remove imgburnv2570.exe - Powered by Reason Core Security