WinFixProPackage.exe

WinFix Pro

IMALI - N.I. MEDIA TD

The application WinFixProPackage.exe by IMALI - N.I. MEDIA TD has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, PC utilities and other PUPs. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dl.winfixprofessionals.com.
Publisher:
WinFix® (signed by IMALI - N.I. MEDIA TD)

Product:
WinFix Pro

Description:
WinFix Package

Version:
1.811

MD5:
f7e200a37a511c24b66d1a3d8d66a332

SHA-1:
a7e5a717e825a0ff1c1badd6469b46311e63e21b

SHA-256:
df2c1d0dc57869bf92d0648e0f8a6362aad466a22653867e213ccdae1793d1f0

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 11:12:50 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | PUA.Win32.ReImageRepair | 4.0.3.15425 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Program.Unwanted.228 | 9.0.1.0115 |
| ESET NOD32 | Win32/ReImageRepair.F potentially unwanted | 9.11524 |
| IKARUS anti.virus | PUA.ReImageRepair | t3scan.1.8.6.0 |
| McAfee | Artemis!5DD3394EFD0E | 5600.6785 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | Threat.IMALI.Installer | 15.4.25.0 |
| Trend Micro House Call | Suspicious_GEN.F47V0210 | 7.2.115 |
| Vba32 AntiVirus | AdWare.MSIL.OutBrowse | 3.12.26.3 |

File size:
11.3 MB (11,866,672 bytes)

Product version:
1.811

Copyright:
© WinFix 2014

Trademarks:
WinFix

Original file name:
WinFixProPackage.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\winfixpropackage.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/13/2014 4:00:00 PM

Valid to:
12/16/2015 4:00:00 AM

Subject:
CN=IMALI - N.I. MEDIA TD, O=IMALI - N.I. MEDIA TD, L=tel aviv, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
017B4EC01F594ADE73E421BB2CDD9FE2

File PE Metadata
Compilation timestamp:
2/24/2012 11:19:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:8UfboTRtf+AGG/vmkSDsF2aHtxYXSD4yvv3UzLfs85EjlFbogs3GmxGu/Uulv0B/:8U2tmvG/b0uXLspzLk852LMxG7+O

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Entropy:
7.9995

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file WinFixProPackage.exe has been seen being distributed by the following URL.
