sdg1d0.exe

Installer

IMALI - N.I. MEDIA TD

The application sdg1d0.exe by IMALI - N.I. MEDIA TD has been detected as adware by 12 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address www.ibbalance.com on port 443.

Publisher:
IMALI - N.I. MEDIA TD (signed and verified)

Product:
Installer

Version:
1.0.0.0

MD5:
96d9ccfe471cf2b027255875e9847fdc

SHA-1:
6488cfc17f22b9d7b835f6b17b91eb5960004558

SHA-256:
60dc53bc602e94597f8a99dbc6cf3f4396b696f7603ca469ecdc34b05ec2d213

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Part of the Conduit/ClientConnect toolbar/extension distribution.

Analysis date:
12/24/2024 3:48:37 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.Downloader | 2014.11.27
Avira AntiVirus | APPL/Imali.jhg | 7.11.189.0
Comodo Security | UnclassifiedMalware | 20199
Fortinet FortiGate | Riskware/Agent | 1/8/2015
Kaspersky | not-a-virus:WebToolbar.Win32.Agent | 14.0.0.2674
McAfee | Artemis!96D9CCFE471C | 5600.6892
Panda Antivirus | Trj/Chgt.L | 15.01.08.04
Qihoo 360 Security | Win32/Virus.Downloader.8e5 | 1.0.0.1015
Reason Heuristics | PUP.Optional.Installer | 15.1.16.10
Total Defense | Win32/Tnega.bLJSAKD | 37.0.11299
Trend Micro House Call | Suspicious_GEN.F47V1119 | 7.2.8
VIPRE Antivirus | Conduit | 35144

File size:
412.9 KB (422,856 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
FinalInstaller.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\sdg1d0.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
8/13/2014 7:00:00 PM

Valid to:
8/14/2015 6:59:59 PM

Subject:
CN=IMALI - N.I. MEDIA TD, OU=online media, O=IMALI - N.I. MEDIA TD, STREET=reines 50, L=tel-aviv, S=tel-aviv, PostalCode=64587, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0093FCE354B4016AD3D34DEC6ADB0B6F35

File PE Metadata
Compilation timestamp:
11/18/2014 1:00:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:+lgZwgVxGq86oH/MKvnolgl5mJ0ftREpA:+lgZOqgFoul5mJ0vE2

Entry address:
0x6558E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.7373

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
397.5 KB (407,040 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com (173.192.190.227:443)

Remove sdg1d0.exe - Powered by Reason Core Security