WinFixProPackage.exe

WinFix Pro

IMALI - N.I. MEDIA TD

The application WinFixProPackage.exe by IMALI - N.I. MEDIA TD has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. It is typically executed from the user's temporary directory. The file has been seen being downloaded from dl.winfixprofessionals.com.
Publisher:
WinFix®  (signed by IMALI - N.I. MEDIA TD)

Product:
WinFix Pro

Description:
WinFix Package

Version:
1.811

MD5:
cfd0c45c19ada5e3783e65d9964394fa

SHA-1:
1619a6ccf86f77c21ae9228274ed2a42fb0faaf2

SHA-256:
0b0df3bd7bac03804947bfdcfd74f9cd6c9dacf032f1ada28d2527755cce3b36

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 11:00:29 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | PUA.Win32.ReImageRepair | 4.0.3.15420 |
| Dr.Web | Program.Unwanted.228 | 9.0.1.0110 |
| ESET NOD32 | Win32/ReImageRepair.F potentially unwanted | 9.11505 |
| IKARUS anti.virus | PUA.ReImageRepair | t3scan.1.8.6.0 |
| McAfee | Artemis!5DD3394EFD0E | 5600.6789 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.IMALI.Installer | 15.4.20.18 |
| Trend Micro House Call | Suspicious_GEN.F47V0210 | 7.2.110 |
| Vba32 AntiVirus | AdWare.MSIL.OutBrowse | 3.12.26.3 |

File size:
12.6 MB (13,228,712 bytes)

Product version:
1.811

Copyright:
© WinFix 2014

Trademarks:
WinFix

Original file name:
WinFixProPackage.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\winfixpropackage.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/13/2014 7:00:00 PM

Valid to:
12/16/2015 7:00:00 AM

Subject:
CN=IMALI - N.I. MEDIA TD, O=IMALI - N.I. MEDIA TD, L=tel aviv, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
017B4EC01F594ADE73E421BB2CDD9FE2

File PE Metadata
Compilation timestamp:
2/24/2012 2:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:qaxqETKLLSmDooeird4N6+7W7GdYYcxYkmY5lLnPvjoO+LZo+ug5bgnJpCtoYu50:JDxmd4N6N7Jh5FnPrh+W+pgnyWJ5U

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Entropy:
7.9996

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file WinFixProPackage.exe has been seen being distributed by the following URL.
