» winram - jjelista.exe
Overview
Analysis
File Details
Downloads (25)

winram - jjelista.exe

Ldc

This is a setup and installation application. The file has been seen being downloaded from ldc.mx and multiple other hosts.

File name:

Publisher:

Ldc

Description:

WinRAM 1.0 Installation

Version:

1.0

MD5:

5ff4d2366e3325fa8a5655003e3efaa4

SHA-1:

3dfa74c8a3b10ce7d50f96b3b9ca4be9bccd4ff9

SHA-256:

b4fb32bfaf7af54e6eabe9f7c3bc2ab95196f3bc8e64cb52266e492fad1b81d5

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

11/14/2024 3:00:43 PM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.Clod022.Trojan

1.3.0.4959

File size:

292.8 KB (299,854 bytes)

Ldc

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\winram - jjelista.exe

File PE Metadata

Compilation timestamp:

6/19/1992 5:52:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:mYFvAFCvMRuBdiTibba12VG4TvLPCL5n5mX1AR:fJqMi+naAx7LPCbmlc

Entry address:

0x171A4

Entry point:

55, 8B, EC, 83, C4, F0, B8, E4, 70, 41, 00, E8, CC, B7, FE, FF, B8, 04, 72, 41, 00, E8, BE, 23, FF, FF, 8B, 15, 84, 86, 41, 00, 89, 02, 8B, 15, 84, 86, 41, 00, 8B, 12, A1, 88, 86, 41, 00, E8, 50, D6, FF, FF, 8B, 15, 84, 86, 41, 00, 8B, 12, A1, 30, 86, 41, 00, E8, DE, 76, FF, FF, A1, 84, 86, 41, 00, E8, F0, 15, FF, FF, E8, 4F, A7, FE, FF, 00, 00, 00, FF, FF, FF, FF, 01, 00, 00, 00, 2A, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

89 KB (91,136 bytes)

The file winram - jjelista.exe has been seen being distributed by the following 25 URLs.

http://ldc.mx/file.php?des=winram

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1475758003&Signature=PeZwWB7Rjd3hwubUzrCPuwlzyeq7XMiX4FlVbMFcigoCBbTffHoCQXU6Jl7n2sn8pQmDW3d9lH5IQ3NfE75jQgWKm~Tg4TH2ScHgob-bv2dpXYUj8W3zh7GQv9oSvB8QUmCECRoBn3mn-eGpg3sixUOgKhVeqz8Z7s5fgw7iZhQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1479971874&Signature=D3d~kjJ1cJkM-82itbqFgbosMMgOk46sYhaaRMFLFhD5XJ5zbXpglP0p~XxEthKNsFNtXHGtwV2oonKzEjo53LBl~m8Z2Hfm4uMJTO3EQjLbAG7ILQFnCgLsHlHGIqVgWN8fjmhnddQyyGK4l6FFEqUN0R5Y7MJafYWiVEYxxQg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

https://dw.uptodown.com/dwn/pN_V0lDncW1Ks4rnGhemUDXQaJydUmnUE0s1aDb_jQeZYw8z0cDp5cmCWG1stFeFPpu3N2gg3ijkczo60x7tlOqWJKuNb7MGiNkeISd1MysHfwi553HDv7PQHAKg3Gr4/heoeHi5odSgc1EHBo_km8ER7BVRZgetyV_GmXq-YUz5jUx0PRguv9V8UCYK4hPwe0HObuHRtmYyMrGREkbPvYqkljp5NplaQLpXHK5oCCKi2-ZCzow0HSQWN9BAb5k7s/E6vTnowFvWJbewCp0LhLojaWqBceuAOn-Wq9PbaC6qkQTviLpYJvFg2IBrHmtrTjinElmOXSq9lzB3u0DI_KfNr7v02QcJxubkAZ1W2GblFB6pOIHrxLm1j6hOuZ-LSn/.../

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1476234072&Signature=hFHpRQUkwHQAYU4INwiZCW6R1QX1E-U~nMFPcDF1C5weQchiOOnYvgcNj7XRbtIUUO-PYxoNJJhgcH3GXTgYRgpikWKGjvy-0IEW1IUwh4k32Ewmjcb6p1OdwuxHg8veILf6mm-qXO7aJqGL-w~64xUHSD7w~hpGo6HOEjkjy-U_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1481886123&Signature=D-WwLgRJ2ru7GgFf6-aY5wdTTZG9uSjAbYs9hEWuENCmMq0Vehz~F-xV9yvHvfIl5DPgJS-a32bg806QeiSeowFGxGJX8SmFzTiiLOdJAIFatyxw7sv2A7iv4DaM1Z0A6RmfnQDi654oYCFKdV1-~xsRq6v3CFH4NX3LPisZY7g_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_en&type=PROGRAM&Expires=1476214319&Signature=CFnLiLt9llSdTrLxj6fpzR2~bPl0r1gvQjVg7Xu~tk4aDXFXx5rmL8ZypNs0jYd1cqIFQYGxoEHPvezXPd-QUegEy1jB7TcIRkPUJh-inWofs9iGBjyhOiWoFXKxPpawq3o6cRt68yW5yTKJK-F5Y2kSj~a8FDpn-3rOj00rBRM_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1477885232&Signature=Stvc-44VbHTB-iUu3C2c9N7Nlxf1nNF819VmCaDB64A45yKH-SpRiXgcBwta3nQG4bgBlPxO8IYddzW9KJWbk8~7Plg-aOwdGcsbWmGxTtoHlkoWwjRCbCzYm7jsYB1H5r6COCoANvc9MIoxWAIDmQk81XvtoUanIfZrP-X5AOA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1474535447&Signature=M2rGiUMrQOIryRjVUXNxKwKDTwtWVrWgi9Tb~LGrI~X1soigLc5riqeW8fzZuttsSoYTHBCMB6uGtu8raqPCGQlHNZJFI3lNqP4EWaf0RIfJzUaahFA5Cpswzqn6K-wrcWKk0l4LO~nu-H3plEybSzanVkslntukjiM92TLWU3k_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1480416420&Signature=Q60WaOhCsRF~EkKFkjXYQzjaxN~vZbNEZjEaYTadtVXlmMBmztv0yKxgDe~dou4n57-YIeOUVgipgY3gP6QHm2JCHfM3imsVGJfIAmh~HXG9afgq9Lt3Gt9SaplHdOzRRe0aoKL6eoHMHVazL7tkUDYGeqCwn8dxE9zVMNCuVr4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1466487478&Signature=MfpLHJhX4hZblGisE26KP53bM5ql6uiYAwyEcho2rvp0qtZ-u44lUlCC3~1tx5~HF4bzJyaindKymEXf4h~MnrOr-ogJE90B66J9H---2qcrFkTvIu3~EQ9jMkSsh~9O4w5JXS8LM9uLkR23CamDSkUdFyGrrEUZUmgdyPEv0K8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

https://dw.uptodown.com/dwn/iPSutEAbeuPUXlM3P2UTBGxXyn34-CHvK7sDSzQhtvfAJYnH2XyYRf3YdTt23D7iy0xQurqfX5ikY_26Gfx19RFoY1hBmXHZvg5oT92AfcDwG9iMfnIX5XM1gXcivg4X/pIPiTmMmvzzIRWu4m8JDYcHa8mMRUlriQ-K_cQ7arvZmQmn5AnVWxMuf-BfftCs1BeO-_Xu2WAKGD7STQGSa19utKTNHI-gdj0frPI5ckoVYL2soMQg-DCFxqkeTjZ1S/208z3Ofuhn4IpfRvUdPsqOZBzE_vP1eEWtYNkYTk4tjA2H9hx4zdjpXYYGxJEwgkGYk0wsR5JCm6P9UkJZkcUaMJahP2J9wsb1j-l4MtfZXDEf59Uga85PeGv_sLgF8D/.../

http://ldc.mx/get.php?des=winram

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1464182050&Signature=KuyG4c3CL2Cyihy1838oAfgoFJX61oHALOolletg1lEpfX-3UNnjYaLAIM5IMdS~J-dwCmI0wJQZWqbVm9Mxh2lVpn~h6MPfBcDd5WEx-7aXHaM0m4l~12pEZCn~zV~kW-d7iLKgRunJx8R4NCyntcBTlsAYhYJ8TKU4IBYqLMs_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1455602089&Signature=Lu9M4YjRtAhVGQ5lZGm21XZ4Qak2zdcKizftiq9LNlFEfZlVfar~zP23cyIWX7zrmKMiDPvvqV3EUJdBlZDW1WuFvDYZ751-oQqu6HQArNyUoorHzloq-dOHkIO2KZ9IXi8wV9SIQcVZ1E95vilRpk9PZb-ssUif2i7HswjsSOI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1463056141&Signature=cFANpcUeO35bGzp-QuXhr2KGxq0MaV6ijx7wmGYPY7R-vBN9a1IoU6vMJeKRZObsT~Gr9syKsNBjCusX-b-N6MYhyI64VEHv-p3iH5vfB4coKar2Hi-BI6EmBDZV1qunOlBZ3x7l6jmhznd--cCkuzIcovxjNhzqnK9VZinys48_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_en&type=PROGRAM&Expires=1457593810&Signature=cCdokfAsFpY0XAu30QPJseonOESMkRtPdbtEnMPjF3WPc2Gh~Dlald0szBhrVbdBxs0Y7fYMWnylOgQZD5KLlresHz210XjnYOFlda4lZCUQKs58s2C5n8~GVWcRdq-ucSOYnXtKZES93FMNv72CZZLK4rk3vN8scAoa0VegQOE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1431641268&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=FMXGIKCDYVA9pVcv88nEuDaZAxYECUuocbsDnvkWIUN1Au6ctSNMAlDcRvqUUITk1BsQvIUlw-tCbX3iP76C1kGFo5mdcuTYqsrI3N9HqyNvC961apLloj4XrMgSVOknusDWHyMynzB6bra6MtTGu0WnSBcBC1P~LVDKpAFHBbk_&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1459167625&Signature=SASHMJep~BiBZZ5ZWJ7slvuD59mTC53TnLz8ZdV1qN5DhPPJjOMJ0Y3l9w9mcLwqNQAzj5nQrKUUNKJ3HIFDtc0B4NwF7DNl1rtB9-9lzY3kNrvOyoMvC0flHCo-vw9fKvLBcq4I4W8w4V1BOGdUvVutQeI3CzolOMPJRIL-tn0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1455082189&Signature=exkK8UqlysZMyja4igM1gx7MXVJrAQpfmuyfrTCc7KKw~x7oRj5OAIqNdlC1FNdLIm6v8cmRYUMXI-JpNBo0zXGjn7hN3UZYY9BJe5S6dnauArf9cxP0jCfHwX~HCTAUCL~8wfIf~p22wwhvYYCTbEPp6mszn4lV603QJy34LIY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winram.exe

http://www.mxone.net/get.php?des=winram

http://dw.uptodown.com/dwn/5aDS9QyjGhi4krOxAsR7GpV82V-iU-K-wAlHSQ7Diny6Vx29m7NFjgA2wPSfktW7u4iLjqZC_qHBjU13sqIuF-vaIO_7rmlJAuHZ4wm4LeQfh3MFU7CFlpQNc_Pgw164/YOnOBjSBpcXeXYjh4BQb2EzbdsHC_ngshYR9OOBiriZfRT5eE3h01K8N0vEyH3WNaUIN7BzXYfCmr58hPZE_6wkNPDWoXWEIqzwNFfaJim6muuXWM6YYTIX50KTxOnQw/.../

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_es&type=PROGRAM&Expires=1431655936&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=JgA8jV4spVaoVvd8Sx9yS9uU5bclA1zM9bi78Xufw2HAe-Pyiav7yZqpXrAbyhivc3hzgoVLynndahyNBmM4ldmFjEpx03I9wABuAlMsUBPqPfcrtADJHx5x0uVz-j6FSjYewckOLpg71Xx961yt7ZKqThNAH5j6MZhU~x8Xd8I_&filename=winram.exe

http://gsf-cf.softonic.com/3df/a74/.../file?SD_used=0&channel=WEB&fdh=no&id_file=86765&instance=softonic_en&type=PROGRAM&Expires=1435741351&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=CRqWZxKIotIGjnQLip-FakzH~hVDsssEV8xSFmDj-6ZN3im7CpeX4~xNlDnUcfefzksd9GoulYjYYDSsaQm6ZdQ4jiWwu1P7L-W~fIsfzWztJjs9vWFc5ccGfa5OOfJyIRmbIk05OLtMxn2mDEe3Y7P6WDNyx632O~-AxpNGXX4_&filename=winram.exe

http://portalprogramas-download.com/d/.../WinRAMPC

Scan winram - jjelista.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.