toolbar8984877.exe

Iminent

Iminent.com

The application toolbar8984877.exe has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse) which bundles additional software offers inclduing toolbars, extensions, PC utilities as well as other PUPs. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from cdn.outbrowse.com.
Publisher:
Iminent.com

Product:
Iminent

Version:
1.0

MD5:
241c91184446827d54cfc88756b842f3

SHA-1:
de001a716cbe4aacfcc48a81f64bda769b0a5818

SHA-256:
78f690fceb202146a4437fc1fc0fa2713b6dd28361adfd90aa936fd4c640347d

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/4/2024 5:02:39 PM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Trojan.Win32.OutBrowse
4.0.3.131223

Comodo Security
TrojWare.Win32.Agent.oeva
17076

Dr.Web
Adware.BGuard.13
9.0.1.0357

ESET NOD32
Win32/OutBrowse
7.8894

Reason Heuristics
PUP.Iminent.O
14.2.16.5

VIPRE Antivirus
Iminent
22224

File size:
822.1 KB (841,869 bytes)

Copyright:
© Iminent

Trademarks:
Iminent.com

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\toolbar8984877.exe

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:VsEkIhivZTn/Pb5c678m+C3TWPTDjtWt5:4IMF9ZwmF3qPTDBWt5

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file toolbar8984877.exe has been seen being distributed by the following URL.

Remove toolbar8984877.exe - Powered by Reason Core Security