jzipsetup-r398-n-bc.exe

jZip

Bandoo Media, Inc.

The application jzipsetup-r398-n-bc.exe by Bandoo Media has been detected as a potentially unwanted program by 19 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download15.cdn.jzip-download.com.
Publisher:
Bandoo Media Inc  (signed by Bandoo Media, Inc.)

Product:
jZip

Description:
jZip Install

Version:
2.0.0.135157

MD5:
b4e90789d21360383d355f7b12af3fac

SHA-1:
d6e43f87be4d8bf95af601e4e04e3c656c3bdee9

SHA-256:
81ce765a810039807700cd9fa27b12d9a53798ecdb591ad43dbbc2ff485d3859

Scanner detections:
19 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional software offers; the setup installer included a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:
11/24/2024 3:54:03 AM UTC

Scan engine         Detection                                 Engine version
Agnitum Outpost     PUA.Toolbar.SearchSuite                   7.1.1
Avira AntiVirus     Adware/SearchSuite.1577952.263            7.11.183.142
AVG                 Generic                                   2016.0.3196
Baidu Antivirus     Adware.Win64.SearchSuite                  4.0.3.15217
Clam AntiVirus      Win.Adware.Searchsuite-3                  0.98/21411
Dr.Web              Adware.Bandoo.168                         9.0.1.048
ESET NOD32          Win32/Toolbar.SearchSuite (variant)       9.10683
Fortinet FortiGate  Riskware/SearchSuite                      2/17/2015
F-Prot              W32/A-546025e2                            v6.4.7.1.166
G Data              Win32.Adware.Bandoo                       15.2.24
K7 AntiVirus        Unwanted-Program                          13.185.13930
Kaspersky           not-a-virus:WebToolbar.Win64.SearchSuite  14.0.0.2474
Malwarebytes        PUP.Optional.Bandoo                       v2015.02.17.05
McAfee              SearchSuite                               5600.6852
NANO AntiVirus      Riskware.Win32.Bandoo.dhratx              0.28.6.62995
Reason Heuristics   PUP.Installer.BandooMedia                 15.2.17.5
Sophos              Generic PUA NG                            4.98
VIPRE Antivirus     Trojan.Win32.Generic                      34576
Zillya! Antivirus   Adware.SearchSuite.Win64.20               2.0.0.1976

File size:
1.5 MB (1,577,952 bytes)

Product version:
2.0.0.135157

Copyright:
Copyright (c) 2014 Bandoo Media Inc

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\jzipsetup-r398-n-bc.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/9/2014 3:30:00 AM

Valid to:
2/24/2015 3:29:59 AM

Subject:
CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0254DA8BDA7284120701E659BC8B7D92

File PE Metadata
Compilation timestamp:
5/30/2013 12:39:15 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:LZKc9vuER43xH0PJQn3DYjmGB+rbAUqKlV3kwgZjEpVcfaOlzgBPRndhwtKDF855:TrymPJCaEAuz0wZoiOlCdCtKB+54aR

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, BC, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 25, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 80, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 8F, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 7D, 27, 00, 00...
 

Entropy:
7.9690

Packer / compiler:
Nullsoft install system v2.x

Code size:
29.5 KB (30,208 bytes)

The file jzipsetup-r398-n-bc.exe has been seen being distributed by the following URL.
