» winima85.exe
Overview
Analysis
File Details
Downloads (9)

winima85.exe

Manutius.com MicroSetup for WinImage

Gilles Vollant

This is a setup and installation application. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.

File name:

winima85.exe

Publisher:

WinImage (signed by Gilles Vollant)

Product:

Manutius.com MicroSetup for WinImage

Description:

WinImage MicroSetup

Version:

1, 0, 0, 1

MD5:

d08d9fa1c8131eb32120ec804f56a7fc

SHA-1:

c60eea279215c86e0efb9702f5c0de2d62fa2132

SHA-256:

ca9bab1ee89a3ec2750c8f917c4205013a685b76aa5179c9be41536e12ba0d42

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 11:23:13 PM UTC (a few moments ago)

File size:

742.5 KB (760,368 bytes)

Product version:

1, 0, 0, 1

Original file name:

MicroSetup.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\winima85.exe

Digital Signature

Signed by:

Gilles Vollant

Authority:

GlobalSign nv-sa

Valid from:

4/16/2007 8:16:28 PM

Valid to:

4/16/2010 8:16:28 PM

Subject:

E=info@winimage.com, CN=Gilles Vollant, C=FR

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

01000000000111FB9C2CBD

File PE Metadata

Compilation timestamp:

10/26/2009 9:31:35 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:E8bVV7OeNexfkSFmZM7dAjWu9STV5lJpvRUOPOCgyBm1Vjzi8cJoc2:EiNOQeZg6Jut9+pvRUOPOCTBmXPWH2

Entry address:

0x17E60

Entry point:

60, BE, 00, D0, 40, 00, 8D, BE, 00, 40, FF, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Packer / compiler:

UPX 2.90LZMA]

Code size:

44 KB (45,056 bytes)

The file winima85.exe has been seen being distributed by the following 9 URLs.

http://gsf-cf.softonic.com/c60/eea/.../file?SD_used=0&channel=WEB&fdh=no&id_file=1523&instance=softonic_es&type=PROGRAM&Expires=1447561285&Signature=GM-5bb3Ee8sCyU3qGg1DS11~33E098756UnrEcadS1aLltYcB3dhMwaO1VyjubjhZA~jolKRkkKEuvw-9rSzOKm5BXHrtgWHeiLDXCxOvnmYtNyEMrQLcvgZHGgToFbiEYnPE9-UGU32IstVHe1E0R9MUfvB2QN-Ztndzx0h3p4_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winima85.exe

http://gsf-cf.softonic.com/c60/eea/.../file?SD_used=0&channel=WEB&fdh=no&id_file=1523&instance=softonic_br&type=PROGRAM&Expires=1476081069&Signature=D1DiaM5nM1oXnbIfxUlWmWUfAL4UVLJ6TBJmfBH1eH-msmNs39PVUmbLzHptYS9aeGigEFl01nz0iKfjIBQCrsgIW6dsWmNjNL36aVI-9FKZiIg9LQyXm6c~cSesX8GBapgzHyWr0EnfwKxJP4znVQcy9hpcjPrrKvxAAvPuSr8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winima85.exe

http://dc722.4shared.com/download/.../winima85.exe

http://gsf-cf.softonic.com/c60/eea/.../file?SD_used=0&channel=WEB&fdh=no&id_file=1523&instance=softonic_es&type=PROGRAM&Expires=1477434941&Signature=PDHN-XksfguLOWnWdRUTbhjuZVPLz3kKY7aPCmtwD~I22x1FXzm34wFO03d5eFsbXIaMr6AimzD-7knlRgB92u88pchpVL9kh2rLyHmKJoRlzvO88E~q024x67ywDrFbo7ApvSZWaBY0et4X~lID6aw2008gyBK3Q77-AL-K2~M_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winima85.exe

http://gsf-cf.softonic.com/c60/eea/.../file?SD_used=0&channel=WEB&fdh=no&id_file=1523&instance=softonic_br&type=PROGRAM&Expires=1445670419&Signature=e004V6ljnvfuDbDEwIf24gK~A~D55aNPeoQ35pPKv6aL~hoD2jKJhW0dSTKCe4q3PUYI7CkBs1ScIgAgVIe3GZTCsQ-ww1h84BKMU1oxJmvK8AzY~VIkCZ3ERSCNhcf0B7PhykCymxtt4TpZaykORhSFP6FMTqxiGft9s4nZhFE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winima85.exe

http://gsf-cf.softonic.com/c60/eea/.../file?SD_used=0&channel=WEB&fdh=no&id_file=1523&instance=softonic_es&type=PROGRAM&Expires=1462806749&Signature=aXhqs2~8M3VEspDkBLlEWFCWjBhxvDtcvcVe7H1CHgtBNUUHUsm~dIqgVvpJ5gWZbINbI1DBFlfDcASBV5FSFu~8Bk9xfVaV7x4lTL4QGR~oU8gXVGf92wLSaC3Az~JaNMNc5RPDaUH0ORGPHpx~m7cYD5qmeEbIafrzPMqW8Lc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=winima85.exe

http://gsf-cf.softonic.com/c60/eea/.../file?SD_used=0&channel=WEB&fdh=no&id_file=1523&instance=softonic_es&type=PROGRAM&Expires=1426546280&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=F1xDp6UNx-gd7hKLykcgg6fklun6AjyF26Pm0zbOvp0z4Il42pjzGWmSOqboXLYQrJymw85o8o~h7TzKjXAepOSvRZ7mn5y8AwQr18vZXyHV1g948jvCcFjzSMy-OIF49a~4qhHrBRA83lsS6c-1wB1k8q01k7l3QnV8SOMyi~o_&filename=winima85.exe

http://download.roro44.com/.../Download-1961-winimage.html?sdi=15187

http://www.winimage.com/.../winima85.exe

Scan winima85.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.