INCMAIL.EXE

IncrediMail

Perion Network Ltd.

The executable INCMAIL.EXE, “IncrediMail Application” by Perion Network, has been flagged as a potentially unwanted program by 1 anti-malware scanner. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘IncrediMail’.
Publisher:
IncrediMail, Ltd.  (signed by Perion Network Ltd.)

Product:
IncrediMail

Description:
IncrediMail Application

Version:
6, 6, 0, 5273

MD5:
afb2b284a0614b52cc521d7f54840e4b

SHA-1:
563b8a0c5e1d271e1ee94ace0a8d08cd1e2fb710

SHA-256:
4d6be558ec084a4a2c14fdd2c69e588fc900e9376796b8db0f9c00a8124173d7

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/23/2024 1:50:46 AM UTC

Scan engine:
Boost by Reason

Detection:
Adware.Startup.Perion.H

Engine version:
2013.7.26.22

File size:
434.4 KB (444,840 bytes)

Product version:
6, 6, 0, 5273

Copyright:
Copyright © 2002 IncrediMail, Ltd.

Original file name:
INCMAIL.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\incredimail\bin\incmail.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/24/2012 2:00:00 AM

Valid to:
4/24/2015 1:59:59 AM

Subject:
CN=Perion Network Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Perion Network Ltd., L=Tel Aviv, S=Tel Aviv, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
45F87694FE8D1984719796AEC8031DF4

File PE Metadata
Compilation timestamp:
7/18/2013 8:21:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:Y4GX9oNsj4wmMSahv5eyRTG7NlOh5sufjuBJZ:3Qzj4wppRih9ufj0

Entry address:
0x2A20E

Entry point:
E8, 15, 08, 00, 00, E9, DA, FC, FF, FF, FF, 25, 6C, 39, 43, 00, FF, 25, 74, 39, 43, 00, FF, 25, 78, 39, 43, 00, FF, 25, 7C, 39, 43, 00, FF, 25, 80, 39, 43, 00, FF, 25, 84, 39, 43, 00, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, FF, 74, 24, 10, 68, 66, A2, 42, 00, 68, 04, 46, 45, 00, E8, 61, 08, 00, 00, 83, C4, 18, C3, CC, FF, 25, 88, 39, 43, 00, 3B, 0D, 04, 46, 45, 00, 75, 02, F3, C3, E9, 4D, 08, 00, 00, 8B, C1, C7, 00, 34, B5, 43, 00, C2, 04, 00, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57...
 

Code size:
200 KB (204,800 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IncrediMail

Command:
C:\Program Files\incredimail\bin\incmail.exe \c


The executing file has been seen to make the following network communications in live environments.

