poweriso5.exe

PowerISO

Innovative Systems LLC

The application poweriso5.exe by Innovative Systems has been detected as adware by 76 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.joydownload.com and multiple other hosts.
Publisher:
Innovative Systems LLC  (signed and verified)

Product:
PowerISO

Version:
1.0.0.0

MD5:
fb0b1de6c27837f187c02aa51cc3eca2

SHA-1:
596e239a42b02c1f3a9565ab0fad79fb9cfaf513

SHA-256:
ce504a0158a29a75dd5c45808f6beb584910f3eb9aacf1000501670a2e9a0f31

Scanner detections:
68 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/24/2024 9:47:05 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Runouce.B@mm | 980
Agnitum Outpost | I-Worm.Chir.B | 7.1.1
Avira AntiVirus | W32/Chir.B | 7.11.141.48
avast! | Adware-gen [Adw] | 140617-1
AVG | Potentially harmful program Downloader.ASQ | 2014.0.3986
Baidu Antivirus | Virus.Win32.Runouce.$a | 4.0.3.14531
Bitdefender | Win32.Runouce.B@mm | 1.0.20.755
Bkav FE | W32.ChirBPE | 1.3.0.4959
Clam AntiVirus | WIN.Worm.Brontok | 0.98/18355
Comodo Security | EmailWorm.Win32.Runonce.~v001 | 18044
Dr.Web | Adware.Downware.5295 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Runouce.B@mm | 8.14.05.31.10
ESET NOD32 | Win32/OpenCandy potentially unsafe application | 7.0.302.0
Fortinet FortiGate | W32/Chir.B@mm | 5/31/2014
F-Prot | W32/Thecid.B@mm | v6.4.7.1.166
F-Secure | Win32.Runouce.B@mm | 11.2014-31-05_7
G Data | Win32.Runouce.B@mm | 14.5.24
K7 AntiVirus | EmailWorm | 13.176.11652
Kaspersky | Email-Worm.Win32.Runouce | 14.0.0.3783
Malwarebytes | Virus.Chir | v2014.05.31.10
McAfee | W32/Chir.b@MM | 5600.7114
Microsoft Security Essentials | Virus:Win32/Chir.B@mm | 1.10401
MicroWorld eScan | Win32.Runouce.B@mm | 15.0.0.453
NANO AntiVirus | Virus.Win32.Runouce.bxafx | 0.28.0.58873
Norman | Malware | 11.20140531
nProtect | Win32.Runouce.B@mm | 14.04.03.01
Panda Antivirus | W32/Chir.B | 14.05.31.10
Qihoo 360 Security | Virus.Win32.CNHacker.C | 1.0.0.1015
Quick Heal | W32.Runouce.B | 5.14.12.00
Reason Heuristics | PUP.InnovativeSystems.J | 14.6.12.9
Rising Antivirus | PE:Worm.ChineseHacker-2!23772 | 23.00.65.14529
Sophos | W32/Chir-A | 4.98
Total Defense | Win32/Chir.B | 37.0.10856
Trend Micro House Call | PE_Chir.B | 7.2.151
Trend Micro | PE_Chir.B | 10.465.31
Vba32 AntiVirus | Virus.Win32.Chur.A | 3.12.26.0
VIPRE Antivirus | Win32.chir.b | 28008
ViRobot | Win32.Chir.B | 2011.4.7.4223

File size:
470.5 KB (481,760 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\poweriso5.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/19/2014 3:00:00 AM

Valid to:
5/20/2015 2:59:59 AM

Subject:
CN=Innovative Systems LLC, O=Innovative Systems LLC, L=Dnepropetrovsk, S=Dnepropetrovska oblast, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
450EACFE8D673E82864CE46BC1A92FCA

File PE Metadata
Compilation timestamp:
5/20/2013 2:52:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:WaChIUErbgTvFhjs17FEUDTTup+Ts9PJYz5jtNcB+/TRfA:IhpEHgDFhm7FjDHuzJYz5jtXTBA

Entry address:
0x31B1

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 58, 92, 42, 00, E8, 90, 2E, 00, 00, A3, A4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 58, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, A0, 81, 42, 00, E8, FB, 2A, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, E9, 2A, 00, 00...

Entropy:
7.8842

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file poweriso5.exe has been seen being distributed by the following 3 URLs.
