winram - jjelista.exe

Ldc

This is a setup and installation application. The file has been seen being downloaded from ldc.mx and multiple other hosts.
Publisher:
Ldc

Description:
WinRAM 1.0 Installation

Version:
1.0

MD5:
5ff4d2366e3325fa8a5655003e3efaa4

SHA-1:
3dfa74c8a3b10ce7d50f96b3b9ca4be9bccd4ff9

SHA-256:
b4fb32bfaf7af54e6eabe9f7c3bc2ab95196f3bc8e64cb52266e492fad1b81d5

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/14/2024 3:00:43 PM UTC  (today)

Scan engine:
Bkav FE

Detection:
W32.Clod022.Trojan

Engine version:
1.3.0.4959

File size:
292.8 KB (299,854 bytes)

Copyright:
Ldc

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\winram - jjelista.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:52:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:mYFvAFCvMRuBdiTibba12VG4TvLPCL5n5mX1AR:fJqMi+naAx7LPCbmlc

Entry address:
0x171A4

Entry point:
55, 8B, EC, 83, C4, F0, B8, E4, 70, 41, 00, E8, CC, B7, FE, FF, B8, 04, 72, 41, 00, E8, BE, 23, FF, FF, 8B, 15, 84, 86, 41, 00, 89, 02, 8B, 15, 84, 86, 41, 00, 8B, 12, A1, 88, 86, 41, 00, E8, 50, D6, FF, FF, 8B, 15, 84, 86, 41, 00, 8B, 12, A1, 30, 86, 41, 00, E8, DE, 76, FF, FF, A1, 84, 86, 41, 00, E8, F0, 15, FF, FF, E8, 4F, A7, FE, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
89 KB (91,136 bytes)

The file winram - jjelista.exe has been seen being distributed by the following 25 URLs.


Scan winram - jjelista.exe - Powered by Reason Core Security