imsetup.exe

The application imsetup.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. The installer uses the InstallMonetizer platform, which will download and install adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from www.4sinstalls.info.
MD5:
e8ae41ba36b6dd7aa6736280cb9c7e8d

SHA-1:
ec8a5f10851ed4cbebe15b25afdc3bbddffef772

SHA-256:
9f99a5f2ec017d4b010aca7d38c8a541b7701885c22bae4324e2bc4a5dba5873

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
4/8/2025 8:03:18 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-131225 |
| Baidu Antivirus | Trojan.Win32.InstallMonetizer | 4.0.3.131225 |
| Bkav FE | W32.Clod64c.Trojan | 1.3.0.4613 |
| Dr.Web | Trojan.DownLoader9.9637 | 9.0.1.0359 |
| ESET NOD32 | Win32/InstallMonetizer.AL | 7.9244 |
| G Data | Win32.Trojan.Agent.WRJPEF | 13.12.22 |
| K7 AntiVirus | Trojan | 13.174.10720 |
| McAfee | RDN/Generic.bfr!fa | 5600.7270 |
| Norman | Troj_Generic.QZPSY | 11.20131225 |
| Panda Antivirus | Suspicious file | 13.12.25.03 |
| Sophos | Mal/Generic-S | 4.96 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Qbot | 10886 |
| Trend Micro House Call | TROJ_GEN.R0CCC0OLQ13 | 7.2.359 |
| Trend Micro | TROJ_GEN.R0CCC0OLQ13 | 10.465.09 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25042 |

File size:
51.6 KB (52,838 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\imsetup.exe

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:ApgpHzb9dZVX9fHMvG0D3XJ+6of20mIc7Zf:WgXdZt9P6D3XJ+6oO0o7Zf

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.1131

Code size:
23.5 KB (24,064 bytes)

The file imsetup.exe has been seen being distributed by the following URL.
