oiassistwtd.exe

WinZip 17

WinZip Computing

The application oiassistwtd.exe by WinZip Computing has been detected as a potentially unwanted program by 8 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address inst.avg.com on port 80 using the HTTP protocol.

Publisher:
WinZip Computing  (signed and verified)

Product:
WinZip 17

Description:
WinZip 17 Setup

Version:
1,18,0,2917

MD5:
ffd6c327c444e4243eb207306b11686d

SHA-1:
2ca3cf69c2c9dbd748c42012b9d7fe1555e2e156

SHA-256:
12de4f8a145810e2299e8d0f15fb33812a58d39cf9c580260d0066cadf03b7f2

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Includes Open Install, an installer which bundles legitimate programs with offers for additional 3rd-party applications that may be unwanted by the user.

Analysis date:
11/27/2024 2:44:12 AM UTC

Scan engine               Detection                         Engine version
Dr.Web                    Adware.Downware.1348              9.0.1.0121
Emsisoft Anti-Malware     Trojan.Win32.OpenInstall.AMN      8.14.05.01.10
ESET NOD32                Win32/OpenInstall (variant)       8.7893
Reason Heuristics         PUP.OpenInstall.Installer.L       14.5.1.22
Sophos                                                      4.96
Trend Micro House Call    TROJ_GEN.RCBH1A7                  7.2.121
Vba32 AntiVirus           Backdoor.Swrort.aur               3.12.20.2
VIPRE Antivirus           Trojan.Win32.Generic              21402

File size:
360.2 KB (368,856 bytes)

Product version:
1,18,0,2917

Copyright:
Copyright © 2012

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\oiassistwtd.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2012 8:00:00 AM

Valid to:
4/14/2014 7:59:59 AM

Subject:
CN=WinZip Computing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WinZip Computing, L=Mansfield, S=Connecticut, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E4842AC9691630B45F8266C0ADB1206

File PE Metadata
Compilation timestamp:
9/26/2012 9:13:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:H7Gvd29S8Z9xzjHiEcZZL2hI44MjGdSdsB5uAdnBKhCXsK/WNqsGTUL0u:H7lZZ9dHiEcZZqu44MqSeB5uAdnB1Xsl

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 18, 04, 00, 00, 53, 56, 57, BE, A4, 30, 40, 00, 8D, BD, E8, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F6, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E8, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, F0, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, F2, FD, FF, FF, F3, AB, 66, AB, 8D, 85, F0, FD, FF, FF, 50, 8D, 85, E8, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, E8, 0F, 01, 00, 00, 84, C0, 59, 59, 74, 15, 8D, 75, F8, 8D, BD, F0, FD, FF, FF...

Entropy:
7.7385

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to st.openinstall.com  (184.168.221.46:80)

TCP (HTTP):
Connects to oi.cloud.avg.com  (204.193.144.33:80)

TCP (HTTP):
Connects to inst.avg.com  (204.193.144.89:80)

Remove oiassistwtd.exe - Powered by Reason Core Security