home

winsys

Publisher Information

winsys is a software publisher located in Gangnam-gu, Seoul in Korea*. The company is a primary distributor of unwanted software. Thre are 3 additional code signing certificates issued to this publisher.
Authority:
Thawte, Inc.

Valid from:
9/4/2013 9:00:00 AM

Valid to:
9/5/2015 8:59:59 AM

Subject:
CN=winsys, OU=Dev. Team, O=winsys, L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
53e706a67c7d616dd8a05245e798a712

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.winsys, PUP.Installer.winsys, PUP.winsys (M), PUP.winsys.Installer (M), PUP (M)
100.00%

K7 AntiVirus
Adware
16.00%

ESET NOD32
Win32/AdWare.KeywordFind (variant)
16.00%

Fortinet FortiGate
Riskware/KeywordFind
16.00%

F-Prot
W32/Themida_Packed
14.00%

avast!
Win32:Adware-gen [Adw]
14.00%

McAfee
Artemis!4B014DBAC755, Artemis!C5F50BAAC550, Artemis!7D5D278E4615, Artemis!0D18883E1756, Artemis!06ABD694F5A5, Artemis!7FC10C2D2A57
12.00%

Trend Micro House Call
TROJ_GEN.R03EC0EAV15, TROJ_GEN.R02SC0EAV15, TROJ_GEN.R00GC0EC915, TROJ_GEN.R047C0EBO15, Suspicious_GEN.F47V0305
12.00%

Sophos
Generic PUA AN, Generic PUA PO, Generic PUA PB, Generic PUA NO, Generic PUA FG, Generic PUA HA (PUA)
12.00%

VIPRE Antivirus
Backdoor.Win32.Ircbot.gen, Backdoor.Graybird
12.00%

1 / 68      (Adware)
setup-up.exe  (7f9fb7549ed6c8237ee662520d89ad95)

1 / 68      (Adware)
windgdo.dll  (d1f4f0628184b135acda6a5cdce9144a)

1 / 68      (Adware)
windgdo.dll  (42668c9f88627fbd916bbe4905afb0fa)

1 / 68      (Adware)
26854  (7152ef6fc3e75146224c436086fcce9c)

1 / 68      (Adware)
windgdoj.dll  (3ad17894b557132efe5d9bd2811b9232)

1 / 68      (Adware)
windgdoc.exe  (88d508ecd1acb35f89d884ef518aca14)

1 / 68      (Adware)
windgdo.dll  (ba5bacefa0c51be39439acf510c7ad06)

1 / 68      (Adware)
windgdo.dll  (3d7acdbf97ec52de8968ac2a2e9cbd16)

1 / 68      (Adware)
windgdo.dll  (992258cfbcbb88cb09ebc196e717412f)

1 / 68      (Adware)
setup_wdg.exe  (11577a5df978b94b3a866eca3e78f1ea)

1 / 68      (Adware)
74997  (3beb0eea59422df40a601f5c62a2400b)

1 / 68      (Adware)
windgdotm7_4646  (2d548e7b3b5d7357498fcc67f5bea2dc)

1 / 68      (Adware)
windgdotm4_4646  (09a36fe16ccd92ec3f641329c86a4a66)

1 / 68      (Adware)
setup.exe  (5cf9810fd0f3a9c52c9a3630d8108efa)

1 / 68      (Adware)
36155  (64bd7084b2f3f0f0d82d603780a2dab4)

1 / 68      (Adware)
windgdo.dll  (3dfb9c3daca0376006dce371bc406713)

1 / 68      (Adware)
setup_wdg.exe  (51d553785e4b497d39f195a664c47bfd)

1 / 68      (Adware)
windgdoj.dll  (5dafe45abc9dab4df11212f3f372defb)

1 / 68      (Adware)
setup_wdg.exe  (b68c3ece39348fafc0cb38853621bd75)

1 / 68      (Adware)
setup_up.exe  (e06c9575a5349968c37f6cfe009ab1e8)

1 / 68      (Adware)
windgdo.dll  (21fb55242019ab8a1e09694f76432991)

1 / 68      (Adware)
windgdoj.dll  (5061839244c2073a09cfaa4c74d02a60)

1 / 68      (Adware)
windgdo.dll  (d17f4754e0f7b42b6de86c5b1049b1bd)

1 / 68      (Adware)
windgdo.dll  (0c8ca2fd74bdb2464dd474c5a7bea41d)

1 / 68      (Adware)
windgdo.dll  (c3e7239a0adabdffbabdabd7ea7df5e4)

1 / 68      (Adware)
windgdotm4_4306  (cb41f68e7dc36cfaa8f1808e657781c8)

7 / 68      (Adware)
windgdou.exe  (cb5560d6be42bd9542c25946a2a25f4c)

1 / 68      (Adware)
windgdo.dll  (a25d8bff929a6b7cd13ef704aa1e0749)

1 / 68      (Adware)
windgdo.dll  (1ff07ff117701ed37535dcf0c69f249f)

1 / 68      (Adware)
windgdoj.dll  (a3ac87aa589c16bc73685f5c5682341b)

 
Latest 30 of 68 files

Downloads URLs for files signed by winsys.

17 / 68    (Adware)
http://down.windgdo.com/wdg3/.../windgdou.exe  (c5f50baac5503cc04607595a488a9d3c)

The following websites host and distribute files published by winsys.

down.windgdo.com

The certificates below are also signed by winsys.

2263D93DBFB27B138E40B4C84C6F627E  (Aug 07, 2013 to Sep 07, 2014)

0ED81EA1C6AD38AAF7D1D6B65E23E6F2  (Aug 03, 2012 to Aug 04, 2013)

3BAF04F99FF424C8D66FF4FDC4A5DF4B  (Jun 29, 2011 to Jun 29, 2012)

The following publishers (by Authenticode signature organization name) are related.

torangcommunications

* Note, the details and description above are based on the code signing digital signature issued to winsys by Thawte, Inc. on September 04, 2013 with the serial number '53e706a67c7d616dd8a05245e798a712'.
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.