winsys

Publisher Information

winsys is a software publisher located in Gangnam-gu, Seoul, Korea*. The company is a primary distributor of unwanted software. There are 3 additional code signing certificates issued to this publisher.

Authority: Thawte, Inc.
Valid from: 8/3/2012 9:00:00 AM
Valid to: 8/4/2013 8:59:59 AM
Subject: CN=winsys, O=winsys, L=Gangnam-gu, S=SEOUL, C=KR
Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
Serial number: 0ed81ea1c6ad38aaf7d1d6b65e23e6f2

Scanner detections:
Detections  (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Installer.winsys.T, PUP.Startup.winsys.K, PUP.Startup.winsys.P, PUP.BHO.winsys.F, PUP.Task.winsys.J, PUP.Startup.winsys.O, PUP.winsys.Installer (M), PUP.winsys (M), PUP (M) | 100.00% |
| AhnLab V3 Security | Win-PUP/Helper.WindoGuide.233032, PUP/Win32.WindViewer, PUP/Win32.WindoGuide, PUP/Win32.Addenbar | 12.24% |
| Malwarebytes | Adware.KorAd | 10.20% |
| Trend Micro House Call | ADW_KRADDARE, TROJ_GEN.F47V0330, TROJ_GEN.F47V0408 | 10.20% |
| ViRobot | Adware.Agent.233032, Adware.Agent.195136, Adware.Agent.87616, Trojan.Win32.Fosniw.Gen | 8.16% |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 8.16% |
| Dr.Web | Adware.Shopper.342 | 6.12% |
| Trend Micro | ADW_KRADDARE | 6.12% |
| F-Prot | W32/Themida_Packed | 6.12% |
| Bkav FE | W32.Clod1e6.Trojan, W32.Clodc85.Trojan | 4.08% |

Latest 30 of 49 files

Download URLs for files signed by winsys.

13 / 68    (Adware)
http://down.windoguide.com/setup_kid001_silent.exe  (4f144325add3e90259f008c513db722b)

The following websites host and distribute files published by winsys.

The certificates below were also issued to winsys.

53E706A67C7D616DD8A05245E798A712  (Sep 04, 2013 to Sep 05, 2015)

2263D93DBFB27B138E40B4C84C6F627E  (Aug 07, 2013 to Sep 07, 2014)

3BAF04F99FF424C8D66FF4FDC4A5DF4B  (Jun 29, 2011 to Jun 29, 2012)

The following publishers (by Authenticode signature organization name) are related.

* Note, the details and description above are based on the code signing digital signature issued to winsys by Thawte, Inc. on August 03, 2012 with the serial number '0ed81ea1c6ad38aaf7d1d6b65e23e6f2'.