WinFixProPackage.exe

WinFix Pro

IMALI - N.I. MEDIA TD

The application WinFixProPackage.exe by IMALI - N.I. MEDIA TD has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup routine uses the RevenYou.Com Pay Per Install platform (OutBrowse), which bundles additional software offers including toolbars, extensions, and PC utilities, as well as other PUPs. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dl.winfixprofessionals.com.

Publisher:
WinFix® (signed by IMALI - N.I. MEDIA TD)

Product:
WinFix Pro

Description:
WinFix Package

Version:
1.816

MD5:
65dd15b5f30e3025572200265253ddc1

SHA-1:
d127322b234953d68eb1ed453ab7a9ff91547481

SHA-256:
38e42cadcf6a2d0853d5053493ef7da447dd3a218ac1992dc815957712dcd93d

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Analysis date:
11/24/2024 10:33:03 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2016.0.3063 |
| Baidu Antivirus | PUA.Win32.ReImageRepair | 4.0.3.15630 |
| Bkav FE | W32.HfsAdware | 1.3.0.6979 |
| Dr.Web | Program.Unwanted.455 | 9.0.1.0181 |
| ESET NOD32 | Win32/ReImageRepair.F potentially unwanted | 9.11861 |
| Fortinet FortiGate | Riskware/ReImageRepair | 6/30/2015 |
| IKARUS anti.virus | PUA.ReImageRepair | t3scan.1.9.5.0 |
| McAfee | Artemis!65DD15B5F30E | 5600.6719 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.IMALI.IMALINIMEDIATD.Installer (M) | 15.6.30.1 |
| Trend Micro House Call | Suspicious_GEN.F47V0210 | 7.2.181 |
| Vba32 AntiVirus | AdWare.MSIL.OutBrowse | 3.12.26.3 |

File size:
11.4 MB (11,999,752 bytes)

Product version:
1.816

Copyright:
© WinFix 2014

Trademarks:
WinFix

Original file name:
WinFixProPackage.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\winfixpropackage.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/13/2014 6:00:00 PM

Valid to:
12/16/2015 6:00:00 AM

Subject:
CN=IMALI - N.I. MEDIA TD, O=IMALI - N.I. MEDIA TD, L=tel aviv, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
017B4EC01F594ADE73E421BB2CDD9FE2

File PE Metadata
Compilation timestamp:
2/24/2012 1:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:9uffNS5DYmbW6R7RBMU8mM8Xkm+pESfwD6IEHJ2iwI8s6fokXG:+fNS5cVYR2U8KXkm+pES4+bJdwd12

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Entropy:
7.9995

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file WinFixProPackage.exe has been seen being distributed by the following URL.
