home

winiso.exe

WinISO

Macgo International Limited

The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.vaultsfunconcepts.com and multiple other hosts.
Publisher:
WinISO Computing Inc.  (signed by Macgo International Limited)

Product:
WinISO

Description:
WinISO Installer

Version:
6.4.1.5976

MD5:
06a724b5711b2bcef3dc01f0b194b462

SHA-1:
a43d52f2950f9146536b5aa8947694f0e7d38b48

SHA-256:
8bf753d8b71cf7616574938283e8712c3d87aff2518ac66ef7a8a69253763403

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 9:09:58 PM UTC  (today)

File size:
6.7 MB (7,046,064 bytes)

Product version:
6.4.1.5976

Copyright:
Copyright © 2001-2016 WinISO Computing Inc.

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\winiso.exe

Digital Signature
Signed by:
Macgo International Limited

Authority:
GlobalSign nv-sa

Valid from:
4/28/2015 7:24:24 AM

Valid to:
4/28/2018 7:24:24 AM

Subject:
CN=Macgo International Limited, O=Macgo International Limited, L=Kowloon, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DC602F450A228D4997AB752BEC96A86B

File PE Metadata
Compilation timestamp:
4/10/2010 7:19:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:ATGonqYQnelFLLbCGRt6Hqf0LC9sV7DuYHemav0zd+Z7CatBB0ro:AC2JRFLLxySf2+Syvi+4ur

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
[+]

Entropy:
7.9990

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file winiso.exe has been seen being distributed by the following 19 URLs.

http://www.vaultsfunconcepts.com/CRMdEzrkRPnLhz1U4seFCSEtn_3KC4RkuPwcY1Q6jakPEek5z_kTbU2PH4YoqmE7Ye191be1n7Pn 56OCzWpCQ6hx0ZBR8KCMe3w8Las_NDDIU_NOUAvLh9XrWwM8Whzf9Ywrp_b7VMS5aGeRBP y3yzpyXqPWehWcHzrvc3dFIRwNS3PybUhALJ0Kex2gW75eg_ncycnXdh2_qIxSwuWr2UisbC1h_NoinGC3LUv5ySUW9TRcInFDNP8MCf8dDG9g01Unb3rfdU47HokZdhm1fhCxms4iujJIea7QR5ZQSJ3EmRWEOHugP o6lOmZuu4ttraArZ2kAzbtSTgzWX 9zldgvHe leWMH2MovzV7H64pBpqrpzvel9nEkqnYkM6n2HCgSMs6vqI vv4dk6zK0Gj3aqlIHxxbLdNK0KlgITaDTftGta7dR0pkdp YKvI8JcW3u4Om4RRLqaVYwMSnDh9POWOoZcPN7GFB107a7SJy2_ ZT_2MJsCaJiLrx3kFXlBIydrseoExbvsUSASfS3fPsj6KFTGloZ6IwDmjZzigikVNRftsxkiujDJPLhtlY4k6 tqW0YUlH0RKwEAJnbNM3IhoGqXXVcyVLhH6j1QBEPeJT49QrOsaggHbYVl44EBVka-G7ABAOTQzbbpumGXNPTfoe4jkkAwq7jBgUO_bL4M8oALDLJtsgkPOhm6eRRflzDRJk6S2I4XPx6gf6THEjZNAcQCnBjJQLsG6uABJwFvgEwoiL9lTsqBjB4yk3Wu8icHZLytEiCjmT9uo tFjB7j5S6YrzN340TT0xkX6uLDfXwQtRbOY43VOYj1YGEURpPadeHNR8QSgFY_W24CQCsZiB1r7RfXN9xfmF24s6a3o3lvZ_Oabuxltp9tmHlomyNP1G0nGmMs7uq9C5cOoAXIhEx4Ld8cyMjUKdMZBWSX7AH6FCAjOsICTp5KWvd Ds

http://lb.cdn.m6web.fr/d/c/a/93be9aec5a1b42ff10f4945b58f5264e/57f52e77/soft/.../winiso_6-4-1-5976_fr_10480.exe

http://173.224.125.14/.../isoopener.exe

http://dw.uptodown.com/dwn/rGsJVc54rb6602ChVHiFW7_YnvlKBZIKSqWC2B4tV9affm2CB9l6o4k30JXh0lQdIUWtBFWoXojT73gqtM6xAr-mFbNBAuyDbjX_h3ONBYv_5ubmVMKEscAGrQLgzyo0/dHVrikUr9B4mXeDRqXv2vxDiBo7mjXELLbd_mZyh8qzhqNBqWKdkaUVSaewYnMuqnAKNJPJO5VzNahaGjwlkuhX_cy5MZ8qSRKykjv9vRaAOaGmy3ANMsuYjBaKN7IrN/gpPdB7QZFKgBpyLhekmRiDSQ_mI2VAwmIOi14cS984H5D5p1ob_j042NlRg_LPbaJ34htYAXinUHW2YaVgB8Di9yRUNaibnSRycM6Ur9nyher9qS2VKsBtI-gR3nEBh1/.../

http://lb.cdn.m6web.fr/d/c/a/a4e7c658e03fff2c7b7df27c7b1cd1a8/57da41b1/soft/.../winiso_6-4-1-5976_fr_10480.exe

http://dw4.uptodown.com/dwn/d32lq-Fsb6DOzx_FqOvkpOYZhQUNTHhFPPcWiHKFt2VgMrTImBafzPWmXkaZxpIEHuI30n03DoAGbAucw2Li8VLcOc563Gq4keA1sQnrcWxpBDaxlpYUS19gTn2-SiXh/royMwzDNhTeWNr2Td8ajLV9x45ms6wW-gNsMFtmtDSzZV38-MbKcKz8HzkzUnDGe79Yhg-FLQrb142A12yDkR1YRDmhBEc_EX5By4FjspjCppZzwbfNCEf6P8EXlvTeA/l-g2dRMAuj4rV_4nFn4wGlEhgSltGRN6oRHgfj2WDh0l-scPFi2BbtqAY_knkrYL406iLQi6eDY2LMdU3CdtPYaUz0_QCFcGCaARGObTmvYc4tDv_Y6HpEZ4srBJuuu7/.../winiso-6-4-1-5976.exe

http://www.lo4d.com/get-file/winiso/.../

http://winiso.software.informer.com/.../

https://dw.uptodown.com/dwn/-zgTpKecc9LqtX2leAgAr9p6_yBHDAqxMBNdk7gg2EJTCfKq5mRE1CfeTZViPWxfqO7Wa2IlSDUTogfiGZcg0Rkdlyu1la7umhIBWzY0TY8-eL3wJWLddIgK8_dDVoyR/ESvZP_jBXvvl3c2MIa9wZAzVDaFsHDmgklUIuJn6dhWYWtph3KleV6yG0XAEkFUOXNGAd_Y6kt0Kdje03ddg14oQCIFB3WbewTUURfH72xz5gEqawxY9NbYkJwMcD0UY/v7YJQrrSsmf692Tki3aJ1byv48nlfo3BkaX7zdO1PcivF3Oq4GFepS1QkeIwHWfmCBd5Ch9nG7zSUETKdd72edUxTM-m-ztDu88BJB4rOwSOc3Ek7lONkBrpe_zM-T2p/.../

http://winiso.de.softonic.com/download-tracker?th=1/.../eyLkwUPT1DhfS5trdyZ xsib900rcEo18wqjfagP2bgWFoWa6GihBr2gm28y83SK4B5TZWVNq9qHaSoYXZHzDY=

http://azourl.com/?jm8d9k

http://lb.cdn.m6web.fr/d/c/a/d88147df3472d95de4d50b128128a1eb/57a215c5/soft/.../winiso_6-4-1-5976_fr_10480.exe

http://lb.cdn.m6web.fr/d/c/a/f4b84b1834a0be225d60549f87d79331/57b31206/soft/.../winiso_6-4-1-5976_fr_10480.exe

http://winiso.softonic.com.br/download-tracker?th=1/.../eyLkwUPT1DhfS5trdyZ xsib900rcEo18wqjfagP2bgWFoWa6GihBr2gm28y83SK4B5TZWVNq9qHaSoYXZHzDY=

http://winiso.softonic.com/.../trmsvRChbxdrflJq3ZIylWtAJKug4ApNfQLscYPFtCg 8 01mUIxRaDavqmSwSp0IN0eZ0R6bAdneRQVfiyvFfavRwFCpZxRqKdXFe7rEzl8nN5Z o5OzAES93XHfFhbtmEMRsh3I3PuxrWfefE1rLE=

http://winiso6.en.softonic.com/download-tracker?th=1/.../eyLkwUPT1DhfS5trdyZ xsib900rcEo18wqjfagP2bgWFoWa6GihBr2gm28y83SK4B5TZWVNq9qHaSoYXZHzDY=

http://www.cdrinfo.pl/download.php?filename=winiso.exe&id=1193212633&baza=soft

http://www.winiso.com/user/.../winiso.exe

https://secure.avangate.com/affiliate.php?ACCOUNT=WINISOCO&AFFILIATE=678&PATH=http://www.winiso.com/user/.../winiso.exe

Scan winiso.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.