winfixprotemp.exe

WinFix Pro

IMALI - N.I. MEDIA TD

The application winfixprotemp.exe, “WinFix Downloader” by IMALI - N.I. MEDIA TD, has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program WinFix Pro by IMALI - N.I. MEDIA TD, which is a potentially unwanted software program. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dl.winfixprofessionals.com.

Publisher:
WinFix®  (signed by IMALI - N.I. MEDIA TD)

Product:
WinFix Pro

Description:
WinFix Downloader

Version:
1.517

MD5:
9dac9fc4943b42363fd3ff524f64f861

SHA-1:
4b245bc8e35404102ee537d90be7eb9a3c367d5e

SHA-256:
c43a6b4305a90babab6a9cba46ee2b0d1befe5d1ee39439fae66b62943e6d604

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
11/24/2024 11:02:44 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2016.0.3098 |
| Baidu Antivirus | PUA.Win32.ReImageRepair | 4.0.3.15526 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | riskware program Program.Unwanted.455, is riskware program Program.Unwanted.228 | 9.0.1.05190 |
| ESET NOD32 | Win32/ReImageRepair.F potentially unwanted application | 7.0.302.0 |
| Reason Heuristics | PUP.IMALI.Installer | 15.5.26.6 |

File size:
779.8 KB (798,536 bytes)

Product version:
1.517

Copyright:
© WinFix 2014

Trademarks:
WinFix

Original file name:
WinFixPro.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\winfixprotemp.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
12/14/2014 1:00:00 AM

Valid to:
12/16/2015 1:00:00 PM

Subject:
CN=IMALI - N.I. MEDIA TD, O=IMALI - N.I. MEDIA TD, L=tel aviv, C=IL

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
017B4EC01F594ADE73E421BB2CDD9FE2

File PE Metadata
Compilation timestamp:
2/24/2012 8:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:R0g+Ojh2FA2Xg73RT7E9Yzewxnl9+pVeTTO0gcCre50ET3cfE/KybyAfKVQi2wey:+jOUFjwbhE0pnl5pX0EwfE/HfK1281

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file winfixprotemp.exe has been discovered within the following program.

WinFix Pro  by IMALI - N.I. MEDIA TD
Publisher's description - “During repair, WinFix not only removes damage, but also reverses the damage done to your Windows OS by replacing corrupted and deleted files with fresh Windows files and components from our continuously updated online database.”
www.winfixprofessionals.com
About 58% of users remove it
 

The file winfixprotemp.exe has been seen being distributed by the following URL.
