setup_imgburn_2.5.8.0_dlm.exe

Kimuc

PremiumBeam (New Media Holdings Ltd.)

The application setup_imgburn_2.5.8.0_dlm.exe, “Kimuc Setup” by PremiumBeam (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.sharemegatowers.com and multiple other hosts.
Publisher:
PremiumBeam (New Media Holdings Ltd.) (signed and verified)

Product:
Kimuc

Description:
Kimuc Setup

Version:
1.1.2.8

MD5:
c62aacff57365475d3933844a77ee384

SHA-1:
059088e812c1aef244dba6f0480928d08eedec65

SHA-256:
cd8af604b56154d01052b7938c6ba4df881791ae8ca43610b1e2d3baa00c2587

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open-source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 2:36:08 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH (M)

Engine version:
17.1.10.1

File size:
1.3 MB (1,322,944 bytes)

Product version:
5.1.1

Copyright:
File Program Installer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Common path:
C:\users\{user}\downloads\setup_imgburn_2.5.8.0_dlm.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/15/2016 2:32:02 PM

Valid to:
5/23/2017 5:45:10 PM

Subject:
CN=PremiumBeam (New Media Holdings Ltd.), O=PremiumBeam (New Media Holdings Ltd.), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11218480E9694D8FE5FFFE43B686304FC6EF

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xAA98

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 2E, 86, FF, FF, E8, 35, 98, FF, FF, E8, 9C, 9B, FF, FF, E8, B7, 9F, FF, FF, E8, 56, BF, FF, FF, E8, ED, E8, FF, FF, E8, 54, EA, FF, FF, 33, C0, 55, 68, 69, B1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 32, B1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, D0, 40, 00, E8, 26, F5, FF, FF, E8, EC, A0, FF, FF, 80, 3D, 34, C2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, 24, 93, FF, FF, 8D, 55, F0, 33, C0, E8, 66, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
40.5 KB (41,472 bytes)

The file setup_imgburn_2.5.8.0_dlm.exe has been seen being distributed by the following 5 URLs.
