winiso.exe

WinISO

ZJMedia Digital Technology Ltd.

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Publisher:
WinISO Computing Inc.  (signed by ZJMedia Digital Technology Ltd.)

Product:
WinISO

Description:
WinISO Installer

Version:
6.3.0.5045

MD5:
9f2e9fbfd5071c6479ac794c4fab824d

SHA-1:
e1d9e2e10ac948a3085aa80dc66d0f91034d2bfb

SHA-256:
3847dda5877a69634c3d5b146f36b5bda328251a7e6955932561b46b0994fa4e

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/30/2024 11:06:42 AM UTC  (today)

Scan engine
Detection
Engine version

NANO AntiVirus
Trojan.Win32.Ramnit.cspjsp
0.28.0.57029

File size:
6.7 MB (7,013,568 bytes)

Product version:
6.3.0.5045

Copyright:
Copyright © 2001-2013 WinISO Computing Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\winiso.6.3.0.5045\winiso.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/27/2012 2:00:00 AM

Valid to:
3/27/2015 12:59:59 AM

Subject:
CN=ZJMedia Digital Technology Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ZJMedia Digital Technology Ltd., L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
56D66525B91E3CF6EBB314404CE3B071

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:smknFQnelFLLbCGRt6Hqf0LC9sV7DuYHemav0zd+Z/JBkQ0rd:smCFRFLLxySf2+Syvi+pbg

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file winiso.exe has been seen being distributed by the following 33 URLs.

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_es&type=PROGRAM&Expires=1485150276&Signature=VUSNlZcSGpZzQb3R6aQmAdTn~kcl2uQgp4PmnVvFgoFF1tfDEQQFmMmM5QIcSrFeJSBTR~Xxsy4utweboU3WfT5YqiS~HE16ceUVMf2TS6rA-aWzX4PO1nGzVrtKj9qDsG~fl3Hk9473I7gKTgHBF1IVYGkZY6HIURhpCtHR8-o_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_fr&type=PROGRAM&Expires=1471549198&Signature=VXXmEk36CX3NppqU-ZG7q91sUfIm2VD7t6Wb3keLht2q~BopxJHk46zyZvTPNnTROMd3lv7fm2g5YuCA4mteDc90nOpSvguHcuSLOx21ubpb8giAIv8BcVoJFrPt-sWjDkKpK-AaNCU1qehtBqnjr51Nhc1VabHJMlPa9IKOpf8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_en&type=PROGRAM&Expires=1444969195&Signature=HcynXHe3srXSDMT9LAaWBdu3XixmFTUMXDu3NXeRwjzaqir3aamrNGRtU1T1wABNozIwL0s-W1Udm~D08P3HisiOb7JceK4CdJDTMCnxybTCqkslNHFmEZ0F4R2jVnHxPSOH~UdPQuB7dk2p3MUV7JkzXe9UN8bArI66O5-qefQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_es&type=PROGRAM&Expires=1475864539&Signature=HMBOjZHhm8Q2GHjAvGmQcicuQeTYwQ7vEv4vI~yHDJPSoRHN9KbTN7LgFGx5ef7H-Z-cRDSmyKcq6NSZEkkYtJDgCcGdedXzn1qhJAcA~dSOv85EwTxthfh7RD3euEhMxIo1Z~wUx-pmojPhmAv4yLY9cyezCRyiQAAm5NdkcJw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_es&type=PROGRAM&Expires=1453682263&Signature=da-Q8OotGP1HWW9534nKOoObfb90hQhYwoPwkq0XWXNpdiJnllHUfAEeXx3mtDUMMvFVEAO3vhzRqOrLYSyu~4GDmIJkd3xSGEgNHkuPEtJMx~KqAr4RaHFoMDpzJ40PajEvmFo3XAapbdjDIRdzwkmpxMDdojj8zjlbctPCGgc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_es&type=PROGRAM&Expires=1473995303&Signature=ZAJ8a3KlFeJvepE5Mex0ZgKtBG1KZ8PibxbWTVOTBA-e4D-oAXlohaGUBxIBvbDtxsWOyv6e8SEzfu9FJLxm3rm1bM71oJcnd3fOyvzxuz5szwGTZjTlk6vDQFGbnl584Lb0NUuWafLWdEgGefq3VY9qJ7ugbOsIVGs6k~8VRpA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_es&type=PROGRAM&Expires=1478386432&Signature=G7rTcFf6XXf5EVHaKWZhaPqeeVZMF8BoMSjxa6HjtKemCESxESCMUoMj-Wwm4REbHYl5krKWngrZ-AIGjZsOwL1Rk04xgPO4Gtb3JoPGlpmBnsdZph6KcImOOh3iR-fBiGkb8xtcEohPsjhJpRC53e18r1trPn1mAJIjBLxpaaw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_en&type=PROGRAM&Expires=1479606796&Signature=ecpA-mwakn4135tAdvQyBuqsEW40kKhpFh~M0MqZLNrKIv3O6uvCM8nwL2i2H7Og86P9Ed0rtASv1uGv3bKU25mONsd6fhub3cbGnULOByDcNKryaiHTPcxQ2rTvHLVdBOoNmqiV5azGOfhI0paF-UCpSP29tM5Xi2qI4HjxDLY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_fr&type=PROGRAM&Expires=1480041089&Signature=ClL5YBdORzvQiQLm~wArST3wdP95STLbKiqkuTOUh5s4B~YBkNSY2zjRLD3QWzNouq1deCi~vgqgWt~r-F5-OFJN3Fq4oLxaiCZSGk~gEd7G2gnUhiyhbxsezVJaFKeD2aTGO4FaETEzxGK0x21W0qUHaSlIhMoZ-Ypj1wkRFwU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_es&type=PROGRAM&Expires=1481868925&Signature=Tzt4g0b--ujcs21ccYbaErpYLEakI6Nf7uhH2dPznBYuvVNmyitoWhTdXqF4l~~n8JdUzJ4wCuVc7NiYs5djo9RxFhOfWNdAM3dZ9Qu0j5XS8KTLYRtSApEy--WVMowTpWIUhWwjrXuKMb-79JkOsSnwex4poB6y64q8HT-quyY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_fr&type=PROGRAM&Expires=1480983432&Signature=VT2MX6F01Ie~0tiuGE72Aq1PYTIUkTwQtPkgUpsACd0jOZXFYYh~u8-6f0czja6s7uFct0snpcuzYryz6WKJTUdL2a8bz1zg1I1EzaIqtzHbr4XpiDc2eQazkobFNlrIH5hGl93EPXsOrsInTQjIT8m97mrJ9aGfjljI636l8Kc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_fr&type=PROGRAM&Expires=1482727581&Signature=P0BupFCDKop9xjufB3beYA60ho4Y1NMDgcsn6cpfHFGn~CYOMP7aO2vz8veXfeRXkeAIb26XT2K0t8qE8QXT4J0K~29wJdFncTg1SxyCyWKf3OeARpG44gpyImDO8maiDuHVOW5QKxVikXZugtFUf4cURfrfPFtbYTljKqBDsI4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_en&type=PROGRAM&Expires=1477546157&Signature=azjwDrl2xstBDR9FI~s77-MelW3yL2-uscZarBcTlxQcuO7DUsdrDBfJRNCgODPtVBR~-y0JnbTvSwsztIw8zMvo8gyspJX8CCKc~xZkFIW5PrtmAZU1Boq5MS2Fa9exKhDt4lbIwtnTQ6xsJQGxc7vcRcIzQQ0YyiAX3T~NkK4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_en&type=PROGRAM&Expires=1446440139&Signature=TXPjtWZTl4e9J4pLPaQOd~Ma4WvEDpXf-RVddpwVKrdxgsbs-hma69GE~Hc0rEQtHEap9yWlW7Quaof0ScwmN18R2fV6VEztsX20-YI3lyU2PO4J9rm4C8NyOAl1wIrNP5BiJFBY5Ise0c90YESOk0uAofGPLmeS8NOudc5zvMU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_en&type=PROGRAM&Expires=1442814178&Signature=WLrp01rSM480z-ARBOmHNd1wAV5ny2hUCP4uUHi62xeLOGLi2Z0MiC8HXf9ssQNZf29XI8mAkH6-f9TttUxTXWiDGbBS4Dcw~weU01z6u8EQ2dLvdxGKRR0mkM3HtbxGnzFJBwznwmyk4M6KN5r6CYqzbZWuBarfab6ska91mKo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_fr&type=PROGRAM&Expires=1475358674&Signature=fJnrhsG5wlHAeMmmrw~mjaXm5wIqSjnYmburrEgrdF9BIxQgv-b-O9ORsSnYDlE384wjWxbfC~yZgwStv95v3y7GzjEb-VKlzPBoQGkhin1jHHTN7Pkc5GyT19eyvsNPiRzSzPW7hQz1YX7dacEa3EmecQKd2RGl4GfBt0AZj4M_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_en&type=PROGRAM&Expires=1474608510&Signature=GyDKBkkf7nDQp8QxzYHUtKz2h2kTieD7gv7Z-UjkBPlVgHMzA~IXrH88rIqaL9zMwCcZjtILMRzlQE7z1c8zk9NT7N1OivtQVN99ZCt6sQJXQNz9Kc5nT4CCkq3-Fu2c1xGl5UMAQ6PqQGYaOIg3hiFUjC2ssuXZ6Qaz5jWQ-AA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_en&type=PROGRAM&Expires=1477534610&Signature=ff~JZoTZymCt95I4j~Ve6a-ht~AqYJWaUj5w79gRXDvdJZIUhkCUWBYi7R0KLmqX8lPcAGRWbXIJcjkj4fJTFlx2dlG1ygz92KEEPu60~SXhEdCBxAdJpGUCl~sfkVV-6uHh5ZkbApQ~J4eDL0wCDOr3Em4eAjLOvxZIX68fD8w_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_es&type=PROGRAM&Expires=1476185445&Signature=IU8eVDmsGS93LKMCPYyYbTPGUPkEl4nMS7a5Bn0tn723gLfUCM~LuFpqCs0YMJHSHT3djO~OE3io1MrR1lFXgDVW4dBaKqY83O5cq86oRreGc9OAoUB9GtO2NYbvPhOfQx2s2gy4uA2SSTwh-ZX7t76xyAYFXFpWUWArkgWcQdc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_fr&type=PROGRAM&Expires=1471661325&Signature=eKSTEArGZKmfeukvbhmhCp7jEuCMZ1eaFUGSQ1tll0QM8Gp0xx5DQ9sh3vfu1PvIk0TkU-Epn1SwYlbWrIODRCTmzj5hsC2VVWm169ulcCvdWq8mDU7TCMszX1lSQ~lWlPxUCzMxognQDbw9d1aUwY87dBhqWCEvVOV99RBbQ7E_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_es&type=PROGRAM&Expires=1475173029&Signature=BH4txQhPElleYVgrx0lE7HyhTDLG-ya75zhRwmXtfQ59C~eCKCnAfrhCpt~liKk6~enZjeuJxOR5G58uj~gBZm24dsZ-7o7ZS8XbKDNPY-6kyyCDfmsdfYKYwq2~AeE1a5F-PYSiK8-hD3xJHttW843bF3AzemRI7j1Zy91hiRs_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

http://gsf-cf.softonic.com/e1d/9e2/.../file?SD_used=0&channel=WEB&fdh=no&id_file=16553&instance=softonic_es&type=PROGRAM&Expires=1473044005&Signature=S8M1DiVkPmFqWH76DXb4tsFk~VR1YZN-rgiYCfPBcRDcaF9UEuIpTaZ15t8nNa5TjrgWP8P1iOOxPVIsUylo5TgyXZHKTJppoWDJgQS~Qmif1yAHJrnCgfrVTLoUJscGxbAJ0Mapvi8Ckjf7vPU0J52cnQ1U6ecWugH6lolDowA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winiso.exe

Latest 30 of 33 download URLs

Scan winiso.exe - Powered by Reason Core Security