setup.exe

WinISO

ZJMedia Digital Technology Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is installed with the program WinISO. The file has been seen being downloaded from 61.222.3.60 and multiple other hosts.
Publisher:
WinISO Computing Inc.  (signed by ZJMedia Digital Technology Ltd.)

Product:
WinISO

Description:
WinISO Installer

Version:
6.3.0.4905

MD5:
ffe131a36defcc2054e7478f15ba6f75

SHA-1:
8588e0a8c76facedb15e9bc1dfb7c58404d40620

SHA-256:
3af0ffef5beddcd906f5ac52a89a9b70834c79b0123623e2adcaed5206e7466b

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/27/2024 7:28:08 AM UTC  (today)

Scan engine:
NANO AntiVirus

Detection:
Trojan.Win32.Ramnit.cspjsp

Engine version:
0.28.0.57380

File size:
6.7 MB (7,011,488 bytes)

Product version:
6.3.0.4905

Copyright:
Copyright © 2001-2013 WinISO Computing Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\Program Files\winiso computing\winiso\setup\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/27/2012 8:00:00 AM

Valid to:
3/27/2015 7:59:59 AM

Subject:
CN=ZJMedia Digital Technology Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ZJMedia Digital Technology Ltd., L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56D66525B91E3CF6EBB314404CE3B071

File PE Metadata
Compilation timestamp:
4/10/2010 8:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:1MNnpS2rQnelFLLbCGRt6Hqf0LC9sV7DuYHemav0zd+ZsWCBkQ0rfL:1M1pS2rRFLLxySf2+Syvi+mFSL

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 

Entropy:
7.9990

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file setup.exe has been discovered within the following program.

WinISO  by WinISO Computing Inc.
Publisher's description - “With WinISO, you can easily add, delete, rename, and extract file(s) within original image files. It can also burn ISO image file to CD/DVD/Blu-ray Disc and mount ISO image files. Furthermore, it supports burning image files on-the-fly.”
www.winiso.com/products/standard.html
4% remove it
 

The file setup.exe has been seen being distributed by the following 2 URLs.

http://61.222.3.60/ce86e5f77eb7d366dc588a44c8cb6570/softking/soft/sale/.../winiso.exe
