reimagepackage1803x64d.exe

Reimage Repair

Reimage Limited

The application reimagepackage1803x64d.exe by Reimage Limited has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from ukrep.reimage.com and multiple other hosts.
Publisher:
Reimage®  (signed by Reimage Limited)

Product:
Reimage Repair

Description:
Reimage Package

Version:
1.803

MD5:
47969474e7e7d0754de22eb4d28c9fd4

SHA-1:
087353dc044eeb0f1862c2473c65cd234a24ba5d

SHA-256:
fc5e36fd5671613de084dfb62517fe502b08394917d63e995de2ff0012cb1e52

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
12/26/2024 12:04:28 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Crossrider1.1621
9.0.1.014

ESET NOD32
Win32/ReImageRepair (variant)
9.11012

Reason Heuristics
PUP.Optional.ReimageLimited.W
15.1.14.21

Vba32 AntiVirus
AdWare.MSIL.OutBrowse
3.12.26.3

File size:
12.7 MB (13,347,728 bytes)

Product version:
1.803

Copyright:
© Reimage 2014

Trademarks:
Reimage

Original file name:
ReimagePackage.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temporary internet files\content.ie5\{random}\reimagepackage1803x64d.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/18/2014 9:00:00 PM

Valid to:
6/9/2016 8:59:59 PM

Subject:
CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3F75B6FA72B8CDE336A61550C70978D2

File PE Metadata
Compilation timestamp:
2/24/2012 4:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
393216:zMGF0bBA2QB87yxK44sUEqWp+YuxHBALZpfUwIu7uLElWB0Pv:zxF0bS2GpxK44B7Wp+bxhAdBPPjWBCv

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file reimagepackage1803x64d.exe has been seen being distributed by the following 2 URLs.

Remove reimagepackage1803x64d.exe - Powered by Reason Core Security