adv_77.exe

WinFix Pro

IMALI - N.I. MEDIA TD

The application adv_77.exe by IMALI - N.I. MEDIA TD has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.winfixprofessionals.com and multiple other hosts.
Publisher:
WinFix®  (signed by IMALI - N.I. MEDIA TD)

Product:
WinFix Pro

Description:
WinFix Setup

Version:
1.006

MD5:
f10b40712c5c183ba0af66566389f025

SHA-1:
3b599ac1626a34fbe70b18d6054c2402911beacc

SHA-256:
4d2e0c9a552088514a1f8fed6b6b7812b363f4df3ecc379c4cea39f9af71f2a4

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/27/2024 3:52:41 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Installer
15.2.22.2

File size:
402.9 KB (412,520 bytes)

Product version:
1.006

Copyright:
© WinFix 2014

Trademarks:
WinFix

Original file name:
WinFixPro.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\adv_77.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/13/2014 7:00:00 PM

Valid to:
12/16/2015 7:00:00 AM

Subject:
CN=IMALI - N.I. MEDIA TD, O=IMALI - N.I. MEDIA TD, L=tel aviv, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
017B4EC01F594ADE73E421BB2CDD9FE2

File PE Metadata
Compilation timestamp:
2/24/2012 2:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:B0gm073RTnE9YzewxnlkmyAfKVQi3eT+elOq81:uB0bNE0pnlkGfK1ON81

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 
[+]

Entropy:
7.7879

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file adv_77.exe has been seen being distributed by the following 4 URLs.

Remove adv_77.exe - Powered by Reason Core Security