home

IncrediMail, Inc.

Publisher Information

IncrediMail, Inc. is a software developer located in Redmond, Washington in the United States*. Thre are 2 additional code signing certificates issued to this publisher.
Authority:
Symantec Corporation

Valid from:
3/4/2015 12:00:00 AM

Valid to:
3/4/2017 11:59:59 PM

Subject:
CN="IncrediMail, Inc.", OU=GuardBox, O="IncrediMail, Inc.", L=Redmond, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0a94d8a33b5a91604406868292af29e7

Status:
Inconclusive detections from multiple engines

Scan engine
Details
Detections

Reason Heuristics
Threat.Win.Reputation.IMP, PUP.Perion.Guardbox, PUP.Conduit.ClientConnect, PUP.ClientConnect
57.14%

Bkav FE
W32.HfsAdware, W64.HfsAdware
47.62%

Dr.Web
Adware.Conduit.411
42.86%

Avira AntiVirus
PUA/SearchProtect.Gen
28.57%

avast!
Win32:Adware-gen [Adw], Win32:BHO-APG [Adw], Win32:SearchProtect-CA [Adw]
23.81%

Trend Micro House Call
Suspicious_GEN.F47V0516, Suspicious_GEN.F47V0514, Suspicious_GEN.F47V0501, Suspicious_GEN.F47V0429
19.05%

IKARUS anti.virus
PUA.Conduit.SearchProtect, PUA.ClientConnect
19.05%

Kaspersky
not-a-virus:AdWare.Win32.Agent
19.05%

ESET NOD32
Win32/Conduit.SearchProtect.AF potentially unwanted application
14.29%

Fortinet FortiGate
Riskware/Conduit_SearchProtect
14.29%

1 / 68      (PUP)
node.exe (Guardbox by IncrediMail)  (93197edf87559095da9957dc03bde9b4)

1 / 68      (PUP)
node.exe (Guardbox by IncrediMail)  (93197edf87559095da9957dc03bde9b4)

0 / 68
apihandler.node (Guardbox by IncrediMail)  (eb22aa5d389a8d8d8686f573de3d0cb0)

0 / 68
guardbox.exe (Guardbox by IncrediMail)  (7851164d0a8b50e09231fb22362162ca)

0 / 68
guardboxch.exe (Guardbox by Perion)  (7474fce7c9301e75cdeefabfd6b26773)

0 / 68
chromeinline.dll (TODO: <Product name> by TODO: <Company name>)  (b390a1293adf9a888e70aaf9b1169deb)

0 / 68
guardbox.exe (Guardbox by IncrediMail)  (3f1042d5ad7317cc5313281083d48922)

0 / 68
Manager.dll (IMS by (C) 2015 IncrediMail)  (44ca554674ee4cba6d429c49a680c9ec)

0 / 68
guardbox.exe (Guardbox by IncrediMail)  (f795fdd886b60232b8d1efedaecb5ba8)

0 / 68
incredimailch.exe (IncrediMail by Perion)  (8137a25c5f98c157d54f975f8413b574)

1 / 68      (PUP)
node.exe (Guardbox by IncrediMail)  (93197edf87559095da9957dc03bde9b4)

0 / 68
guardbox.exe (Guardbox by IncrediMail)  (fc5f9349bdedbd4383c928e35abbae09)

1 / 68      (PUP)
guardboxapp.exe (Guardbox by IncrediMail)  (c8a56db9739f7cf9b097dba47ba316c6)

0 / 68
guardboxie.exe (Guardbox by Perion)  (4fb39749919fc45ce225dbbf661471fb)

0 / 68
desktopapplication.dll  (8f721273e2a448dcd4ede87084941133)

0 / 68
guardboxie.exe (Guardbox by Perion)  (7ab077dabf4fa1fc4d289bd52f2312c8)

0 / 68
Manager.dll (IMS by (C) 2015 IncrediMail)  (b6ef5737e2b3f096c96d5b6604c54f5e)

0 / 68
myonesearch.exe (MyOneSearch by IncrediMail)  (e6ea407178752441f480c42ba37a590c)

0 / 68
firefoxsetup.exe (Firefox by Perion)  (6fb8b07c7fb41abc716ff8f4d826d2fe)

0 / 68
guardboxch.exe (Guardbox by Perion)  (2605d48bb621a1d82671c8e761e82cfb)

0 / 68
guardbox.exe (Guardbox by IncrediMail)  (11f36bf7eb11bdeac64da4ac2aac2682)

0 / 68
hollow_si.exe (hollow_SI by Perion)  (141bdba638a03ffe1e39535f26ded619)

0 / 68
messaginghost.exe (Guardbox by IncrediMail)  (47b487374992beaf24dc4fdd433421e0)

1 / 68      (PUP)
webhandlerloader64.dll (Guardbox by IncrediMail)  (f818fee142e9dadf7c3b35d65908be3c)

0 / 68
webhandlerloader.dll (Guardbox by IncrediMail)  (e73830921e40e1662b0a8595f88e872f)

0 / 68
webhandler64.dll (Guardbox by IncrediMail)  (0c0c270b9a40b2f0996c6f49402f8334)

0 / 68
webhandler.dll (Guardbox by IncrediMail)  (18d363068a7b2a993bfbc43354c83b22)

1 / 68      (Malware)
gbmgr64.exe (Guardbox by IncrediMail)  (dcd1e514d6932037181ff8b6993c32ec)

0 / 68
apihandler.node (Guardbox by IncrediMail)  (bd89e1af8649825932b82f502aca7c4b)

0 / 68
guardboxapp.exe (Guardbox by IncrediMail)  (e22fd6c3dbf5b1993b33f1f55f5f1311)

 
Latest 30 of 227 files

Downloads URLs for files signed by IncrediMail, Inc..

0 / 68
http://downloft.com/.../download_sp.php  (guardboxch.exe)

0 / 68
http://gbstorage.stgbssint.com/AutoUpdate/.../Guardbox.exe  (3f1042d5ad7317cc5313281083d48922)

0 / 68
http://gbstorage.stgbssint.com/Installer/.../Guardbox.exe  (655a6f2cb95495cfe2956f789657cc4f)

1 / 68
http://downloft.com/.../download_sp.php  (guardboxch.exe)

The following websites host and distribute files published by IncrediMail, Inc..

gbstorage.stgbssint.com

downloft.com

The certificates below are also signed by IncrediMail, Inc..

1530D5A53D788F05F7FE4F109407DB21  (Jan 09, 2016 to Jan 10, 2018)

773EB28745FDBD32B777CCD4FBF09BED  (Feb 23, 2015 to Feb 24, 2017)

The following publishers (by Authenticode signature organization name) are related.

ClientConnect LTD

* Note, the details and description above are based on the code signing digital signature issued to IncrediMail, Inc. by Symantec Corporation on March 04, 2015 with the serial number '0a94d8a33b5a91604406868292af29e7'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.