» imgrdwnld.exe
Overview
Analysis
File Details
Programs (2)
Downloads (1)

imgrdwnld.exe

Image Plugin

Snap-on Business Solutions Inc.

The program is a setup application that uses the InstallShield Setup installer. This is installed with multiple programs including GM Global Local Database and Opel Vauxhall EPC. The file has been seen being downloaded from pqsv28265.

File name:

imgrdwnld.exe

Publisher:

Snap-on Business Solutions (signed by Snap-on Business Solutions Inc.)

Product:

Image Plugin

Description:

Setup Launcher

Version:

3.03.0226

MD5:

070e3ba16a44c41e88ea70636dbced9c

SHA-1:

3f9f4926ea9eab615ecf04d05c1dc9002c47aa48

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/24/2024 11:26:06 PM UTC (a few moments ago)

File size:

6.3 MB (6,630,552 bytes)

Product version:

3.03.0226

Original file name:

Setup.exe

File type:

Executable application (Win32 EXE)

Installer:

InstallShield Setup

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\imgrdwnld.exe

Digital Signature

Signed by:

Snap-on Business Solutions Inc.

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

5/2/2008 5:55:47 PM

Valid to:

5/16/2009 3:36:58 PM

Subject:

CN=Snap-on Business Solutions Inc., OU="Snap-on Business Solutions, Inc.", O=Snap-on Business Solutions Inc., L=Richfield, S=Ohio, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

430F2CE4952581BF5BA4F2DFF6B24D17

File PE Metadata

Compilation timestamp:

2/28/2007 5:02:54 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:IAAkpFZIXBdEFV1MoXNdmJiV2mYqFi8Py8g7dUmnMg9W5CPuSbvs:IAvIEj1Mo9dpPY+PVg6mV9uCWSA

Entry address:

0x28171

Entry point:

55, 8B, EC, 6A, FF, 68, A0, 50, 43, 00, 68, 78, B3, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 7C, 41, 43, 00, 33, D2, 8A, D4, 89, 15, 34, 32, 44, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 30, 32, 44, 00, C1, E1, 08, 03, CA, 89, 0D, 2C, 32, 44, 00, C1, E8, 10, A3, 28, 32, 44, 00, 6A, 01, E8, 30, 1F, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 3B, 10, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

204 KB (208,896 bytes)

The file imgrdwnld.exe has been discovered within the following programs.

GM Global Local Database by Snap-on Business Solutions

www.snaponbusinesssolutions.com

About 2% of users remove it

Opel Vauxhall EPC by Snap-on Business Solutions

About 1% of users remove it

The file imgrdwnld.exe has been seen being distributed by the following URL.

http://pqsv28265:351/PQMace/.../imgrdwnld.exe

Scan imgrdwnld.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.