» setup_magiciso.exe
Overview
Analysis
File Details
Programs (1)
Downloads (15)

setup_magiciso.exe

The program is a setup application that uses the Wise Installer installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

setup_magiciso.exe

MD5:

e68fe962c6d65a480538cd9367eb0480

SHA-1:

d4a09452bf1f29bf17a25a60fa0d1e1a44b03b98

SHA-256:

caefaf3565940783a58d50b1720992067a947a133c9abfd403308b7c9be5c346

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/26/2024 5:57:09 PM UTC (today)

Scan engine

Detection

Engine version

NANO AntiVirus

Trojan.Win32.Ramnit.cqwvfq

0.28.0.58394

Rising Antivirus

PE:Trojan.Win32.Generic.12534EC6!307449542

23.00.65.14319

File size:

2.9 MB (3,067,375 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Wise Installer

Language:

English (United States)

Common path:

C:\users\{user}\downloads\setup_magiciso.exe

File PE Metadata

Compilation timestamp:

4/25/2000 5:37:12 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

49152:xtD5UufuNxrGP1WIUuJe9CGIjVKYhiOUIsMLF+p8fpCdjq5oyxLWv/XPgk9sBdAv:X/WtuUuJe9NZYh/hLF+UUYLqvPgk9sBW

Entry address:

0x21AF

Entry point:

55, 8B, EC, 81, EC, 2C, 05, 00, 00, 53, 56, 57, 6A, 01, 5E, 6A, 04, 89, 75, E8, FF, 15, 54, 40, 40, 00, FF, 15, 50, 40, 40, 00, 8B, F8, 89, 7D, F4, 8A, 07, 3C, 22, 0F, 85, 90, 00, 00, 00, 8A, 47, 01, 47, 89, 7D, F4, 33, DB, 3A, C3, 74, 0D, 3C, 22, 74, 09, 8A, 47, 01, 47, 89, 7D, F4, EB, EF, 80, 3F, 22, 75, 04, 47, 89, 7D, F4, 80, 3F, 20, 75, 09, 47, 80, 3F, 20, 74, FA, 89, 7D, F4, 53, FF, 15, 6C, 40, 40, 00, 80, 3F, 2F, 89, 45, F8, 75, 28, 8A, 47, 01, 3C, 53, 74, 04, 3C, 73, 75, 06, 89, 35, 58, 53, 40, 00... 
[+]

Packer / compiler:

Wise Installer Stub

Code size:

8.5 KB (8,704 bytes)

The file setup_magiciso.exe has been discovered within the following program.

MagicISO Magic ISO Maker by MagicISO Magic ISO Maker

Publisher's description - “MagicISO is a powerful CD/DVD image file editor, CD burner, and CD/DVD backup tool. It can directly create, edit, extract compress and burn ISO files, It also can convert almost all CD/DVD image formats to ISO/BIN/CUE.”

www.MagicISO.com

3% remove it

The file setup_magiciso.exe has been seen being distributed by the following 15 URLs.

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_br&type=PROGRAM&Expires=1482109634&Signature=ATKtF2Umd~VfLYD4CDH1PriUs6hB-Nk5WN-a8BLrC~LesAhnYcF-VErbi46T0sRoI~BnGP13tV7KD0D6EpyGNc4zA-Gmzfs9lSh~~egiMdAiHMyfDT-~~C2ji5heTHGgZdKA--wZbgNwjNt6OlCVsHVYfIEshzMBL1baVYOnbKc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_br&type=PROGRAM&Expires=1473418314&Signature=O6q3oBlYcc8iZo86R-ZOPEvbgg6tq3m~l-qiZckV5a6spGPMTgYAML96SZ8pDbqoIpR-BsdsVW9h-rhuhG8jq4nDfDU~7EjVDkVkJjr9npKGFQfV6AJTrWfmnvm7Ravwoc0Pi9Jf31uyFbBA1nj9G3QSAMORKmKCzJaMPKVS0yU_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_pl&type=PROGRAM&Expires=1457142600&Signature=VluO60XgVTqIYY95MCWJVPs~n2hLy2n2umzgOSv3NW~JG9EKX4z62fVCQ0bB71e0QFYviDoK2PBQ9hu9YN-~EV~vDALtKdYZF7-jKY9NnYtAyZmSS1SolBIAr7Ygj4xHLQGwlaul~ZTNAetVI3qBY-C-k0r2O1txCxzqFbduv~s_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_pl&type=PROGRAM&Expires=1476222906&Signature=GH38vObwdQ9-MHOor4~zlx0~w~8qj0ZhZqIhqHGsuufbt8K9Albg5CS2t-hasB0~IQS4C7IDMxfVg~MV-D~JXp3CU2UUxCTj~r4cIG7wVJuRkg5EzzRv4daRtkmZtdbPqHQ2Ky6rHkNYutk9KVO6TUnak7URLSNal7XfZaEG0VE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_br&type=PROGRAM&Expires=1476663999&Signature=E0RcWZBlCqxqfYeYqDjGyQchTB9TBJBXx-eMqH8L2astn-lz6LgM9u2juekXw5o59u5XET12fU5JEitgt7x4HkJ36AJCitTqfuB0C0G~LEdrn9B-D3t01JWHyWu9uOeO~QP6KUXuFMVKb01PLc3l3vYf~heXDafJGNI4kyKzpoA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_br&type=PROGRAM&Expires=1479974658&Signature=M1X0xdNhN6IoGs6ndkBk5PTP80MPpnKldA-z5Bhjr~ytVwX-rD2LaLALR~76wFt8cgaXv8GBfl4rjL-wiyv3oe~Rc7KYRgEK0Fao9SbovdgaLNx54mDoEr95OTIUz10cP8pxqJhTTpYuZFnPCx9Eq7Wl6rtlCBh6cJmfXhoW-R0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_br&type=PROGRAM&Expires=1478333078&Signature=KktXHD4Y9PsnAWqJN7Qx8iDXXUkNtkMpHao1lyJFMj2XtFIowG2ooYxX1IkPzBdpqwErIMHpmim~lsdN8Ikvwq9zH8mRNFKZyS2ISyUT0zIgy0PDWSg5wR0dSjZsr9IIcJ6SlOUgAUMxG64-6IFljZ0XlLO3w4hI25WSqQtTMAI_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://filehippo.com/download/file/.../

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_pl&type=PROGRAM&Expires=1443851879&Signature=XFs2Yx8h-LneQW6yZ6dRMrA-tR~ossH28TiGVNko1SNaxnqGUrdZmbyddCi6MeVUdU3xqjCsNTBRG-GtaFcuNY2j0Ev4FzZejNe2BKy3K02WkovZmmoY2Xo8W8klNGbEmIvzv1jRajOgbGFeRns5XM0YFSPd~ruivFv1pDRzqv0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_br&type=PROGRAM&Expires=1461131742&Signature=B5xlry94bU9y0Ny~FO3i2-2CQLWccK0Yb~h0Pr-JN8yi5J97U3I000Fzr11WCR5l975nFOLPTXVLFYeSwCn7h5SHw87Uj4Xn10Huh4L9TDlsCH3ZJJkYnlsrZzRctJM4977KcabbdXD7kqQEQ7VPeCLR9Z~a~7mrx7yI5TFyR~g_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_pl&type=PROGRAM&Expires=1460599384&Signature=M2UjYQC864-SnViArbpFEc94F97q7pnLsIKuyRArZF6smnKlOcsY5ZYW6~BPFN3KtYgu36UEoAviPaxjuIEiXE0~2nOepTq0khR9uTEPLyzYbG7GGtSFTtujAGnbaWINJY2at9~ZYJd94uH09aFwJPa5bZ7QV089dvh-fHfD5Po_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_br&type=PROGRAM&Expires=1459082183&Signature=W3o5o6D0R-TTGJc6DyaXzyIOHa~DL10RNDklIg9yC-4vK89PktqTV~B8vcW-VTIyIXRZ73n~HOhb5YPlJw63yTnniZPtYtTa9MGif~aV1oHyLiG3vBJdp~3Ra9HNRz0KeaLwjb-JOa7BrzUYKEPk70lIzPA65qGjmD8CfEXuko0_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://filehippo.com/fr/download/file/.../

http://gsf-cf.softonic.com/d4a/094/.../file?SD_used=0&channel=WEB&fdh=no&id_file=40396&instance=softonic_br&type=PROGRAM&Expires=1443241238&Signature=YcUEheWA0HksouYB6~p4GF9ApfHXhVYgIBy~7oxGKI9-TqnaCq5P807VXt7SOaYYBA8UYJIVSdOxc1PBTa8TNaFRhrdqXCEswICywBUDTLERwYvL9KUoqqjl2mDDVN2aLSuFjlatCnUALiD-nJP6UrMMSAQsk32jHeonkFxwlDk_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=Setup_MagicISO.exe

http://www.magiciso.com/Setup_MagicISO.exe

Scan setup_magiciso.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.