PUA:Win32/Reimage
First posted on 04 November 2016.
Source: Microsoft
Aliases:
There are no other names known for PUA:Win32/Reimage.
Explanation:
Installation
This application can be downloaded from websites that offer third-party software downloads. For example, we have seen it downloaded from:
- cdnrep.reimage.com
- cdn.reimage.com
- dw12.uptodown.com
- cdnrep.reimageplus.com
- dw7.uptodown.com
We have seen this application use the following file names:
- ReimageRepair.exe
- ReimageRepair (1).exe
- ReimageRepair (2).exe
- ReimageRepair(1).exe
- reimagerepair.exe
- ReimageRepair (3).exe
- eFixPro.exe
- ReimageRepair (4).exe
- ReimageRepair (5).exe
It can be digitally signed by the following vendors:
- Reimage Limited
- Reimage Ltd
We have seen this application using product names such as:
- Reimage Repair
- Reimage reminder
- Reimage Protector Updater
- Reimage System Protection
- Reimage Protector Package
This application communicates with domains such as:
- cdn.anti-toolbar.com
- ukrep.reimage.com
- cdn.reimage.com
- www.virustotal.com
- cdnrep.efix.com
For example:
- cdn.anti-toolbar.com/AntiToolbar/wlst.rei
- ukrep.reimage.com/prot/ProtectorPackage2010x64a.exe
This description was published using automated analysis.
Last update 04 November 2016