ReimageRepair.exe

Reimage Repair

Reimage Limited

The application ReimageRepair.exe, "Reimage Downloader" by Reimage Limited, has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the Nullsoft Scriptable Install System installer. The file is typically installed with Reimage Protector by Reimage, which is a potentially unwanted software program. It will display context-specific advertisements in the browser and attempt to modify the browser's search provider. The file has been seen being downloaded from www.retinapost.com.

Publisher:
Reimage®  (signed by Reimage Limited)

Product:
Reimage Repair

Description:
Reimage Downloader

Version:
1.278

MD5:
4a3b0cc424976694701a19c3a8ca7445

SHA-1:
ba0fccf58af8856b691a99d64a1d12d64fbc074f

SHA-256:
bcf46cc037ac3153109e8b95dcb92c9a6e0abe232d0203d47ff490c7929c59fb

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
The installer may include an offer for the Babylon Toolbar (a homepage/search hijacker), which is potentially installed with minimal user consent.

Analysis date:
12/26/2024 12:25:54 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | W32.Clod547.Trojan | 1.3.0.4613 |
| Dr.Web | Adware.Plugin.171 | 9.0.1.0255 |
| ESET NOD32 | Win32/Toolbar.Babylon | 8.9279 |
| McAfee | Artemis!D566201EF927 | 5600.7219 |
| NANO AntiVirus | Riskware.Nsis.Babylon.cvvuwk | 0.28.0.59048 |
| nProtect | Joke/W32.ArchSMS.286720 | 13.05.03.04 |
| Reason Heuristics | PUP.Optional.ReimageLimited.N | 14.9.12.17 |
| Rising Antivirus | NS:PUF.SilenceInstaller!1.9DDF | 23.00.65.14213 |
| Trend Micro House Call | TROJ_GEN.F47V0122 | 7.2.46 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.24.3 |

File size:
749.8 KB (767,752 bytes)

Product version:
1.278

Copyright:
© Reimage 2013

Original file name:
ReimageRepair.exe

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Scriptable Install System

Common path:
C:\windows\temp\reimagerepair.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/11/2012 3:00:00 AM

Valid to:
5/4/2014 2:59:59 AM

Subject:
CN=Reimage Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Reimage Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
08242D065B8CE1035215AAA943CF9166

File PE Metadata
Compilation timestamp:
12/6/2009 12:50:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:z67ArQuS43EQVF+ZPPfnEUnsEWfXsbKZp0xBFpO0gcCre50ET3cfE/KyDYfmIWgK:zA63EJlvANcNRX0EwfE/pYfH2V

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
Entropy:
7.9526  (probably packed)

Code size:
23.5 KB (24,064 bytes)

The file ReimageRepair.exe has been discovered within the following program.

Reimage Protector  by Reimage
The Reimage Protector service is designed to support Reimage, a purported PC optimization tool designed to 'fine-tune' the computer's registry.
www.reimageplus.com
67% remove it
 
Powered by Should I Remove It?

The file ReimageRepair.exe has been seen being distributed by the following URL.
