poweriso47.exe

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from dla.uloz.to and multiple other hosts.
MD5:
a38f725a0367f27e37bf2d01193fd8c7

SHA-1:
a044c5f5d5197ddb06a1dc1be1265d0409a338a6

SHA-256:
64da7baf8ac5f781e019ed2ebc3d2f830013cb103b71c29a59913a40e53c42cb

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
4/20/2024 1:12:12 AM UTC

Scan engine:
Emsisoft Anti-Malware

Detection:
Trojan.GenericKD.1369533

Engine version:
8.13.12.24.06

File size:
1.6 MB (1,627,352 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\autoplay\docs\poweriso47.exe

File PE Metadata
Compilation timestamp:
2/21/2009 8:46:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:w1EN6cI+ZuekDcKz1Xihlpmpg2vkTq+6zfqO7Pg6P:w1u6cPueVK5X4Qpg2vk47Ph

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 05, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file poweriso47.exe has been discovered within the following programs.

PowerISO  by PowerISO Computing, Inc.
Publisher's description - “PowerISO is a powerful CD / DVD / BD image file processing tool, which allows you to open, extract, burn, create, edit, compress, encrypt, split and convert ISO files, and mount ISO files with internal virtual drive.”
www.poweriso.com
About 7% of users remove it

The file poweriso47.exe has been seen being distributed by the following 20 URLs.

