IMPCNT.EXE

ImpCnt.exe Application

Perion Network Ltd.

The executable IMPCNT.EXE, “IncrediMail Content Importer” by Perion Network has been known to be a potentially unwanted program that has been detected by 1 anti-malware scanner.
Publisher:
IncrediMail, Ltd.  (signed by Perion Network Ltd.)

Product:
ImpCnt.exe Application

Description:
IncrediMail Content Importer

Version:
6, 6, 0, 5288

MD5:
546f142dc5901fada5e83e8a70d2625e

SHA-1:
d2c5f99eb1ea24da31a2882afacf80c48465f42d

SHA-256:
88e8e711ac6194f9e9f9d3eedd65fbb7ae37ac17b4a46b94288e795eb5d38461

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
12/25/2024 7:10:38 PM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Adware.PerionNetwork.G
2013.7.26.22

File size:
110.4 KB (113,064 bytes)

Product version:
6, 6, 0, 5288

Copyright:
Copyright © 2002 IncrediMail, Ltd.

Original file name:
IMPCNT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\incredimail\bin\impcnt.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/24/2012 2:00:00 AM

Valid to:
4/24/2015 1:59:59 AM

Subject:
CN=Perion Network Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Perion Network Ltd., L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
45F87694FE8D1984719796AEC8031DF4

File PE Metadata
Compilation timestamp:
10/1/2013 1:41:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1536:KRyt8/D2pETdNz5tnSv4J2QzmRKyXIvihIA1VjOvAlYyyLYvuq3:K/JTdNzbEo7CAlYOvuz3

Entry address:
0x9AD8

Entry point:
E8, 0D, 05, 00, 00, E9, DA, FC, FF, FF, 8B, C1, C7, 00, 04, EB, 40, 00, C2, 04, 00, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57, 68, B2, A1, 40, 00, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, 80, 01, 00, 00, F6, C3, 01, 74, 07, 57, E8, D4, F7, FF, FF, 59, 8B, C7, 5F, EB, 13, E8, 8F, 06, 00, 00, F6, C3, 01, 74, 07, 56, E8, BE, F7, FF, FF, 59, 8B, C6, 5E, 5B, C2, 04, 00, 8B, C1, C2, 04, 00, CC, FF, 25, E8, C6, 40, 00, 3B, 0D, BC, 25, 41, 00, 75, 02, F3, C3, E9, 2D, 05, 00, 00, CC, FF, 25, E4, C6, 40, 00...
 
[+]

Code size:
44 KB (45,056 bytes)

Windows Firewall Allowed Program
Name:
C:\Programme\IncrediMail\bin\ImpCnt.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-194-5-41.eu-west-1.compute.amazonaws.com  (54.194.5.41:80)

TCP (HTTP):
Connects to ec2-52-48-52-62.eu-west-1.compute.amazonaws.com  (52.48.52.62:80)

TCP (HTTP):
Connects to a2-16-4-178.deploy.akamaitechnologies.com  (2.16.4.178:80)

Scan IMPCNT.EXE - Powered by Reason Core Security