winzip10.exe

WinZip Computing

This is the installation and setup package for WinZip, a file compression/decompression utility that provides a GUI for working with zip files. The installer might bundle additional software offers during setup, including the AVG browser toolbar.
Publisher:
WinZip Computing  (signed and verified)

MD5:
c802c41190785151c109d6b93ae5ce77

SHA-1:
2ae2651b071c5f1dd9d03fa9867dcaa849da247f

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/23/2024 8:25:12 AM UTC  (today)

Scan engine:
Emsisoft Anti-Malware

Detection:
Trojan.Generic.KDZ.115

Engine version:
8.14.11.03.06

File size:
4.1 MB (4,277,864 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\documents and settings\user\bureau\20 0960 13 ind cons suret 2013\copie de 00 0004 autres logiciels\winzip10.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/22/2006 2:00:00 AM

Valid to:
10/19/2009 1:59:59 AM

Subject:
CN=WinZip Computing, OU=WinZip Computing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WinZip Computing, L=Mansfield, S=Connecticut, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4EC7C5C8BFACA1653B9B82E329F1B36C

File PE Metadata
Compilation timestamp:
6/6/2006 8:22:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
98304:EcAiM9Z29yVjYfwrtKTQHtCfpghkbj+WbHdquaqELZu+R:Ecu940jUwgQEfpgWaWbHAzqELzR

Entry address:
0x73E0

Entry point:
6A, 60, 68, 68, C6, 40, 00, E8, 80, 03, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 08, FF, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, A4, C1, 40, 00, 8B, 4E, 10, 89, 0D, 54, 1C, 41, 00, 8B, 46, 04, A3, 60, 1C, 41, 00, 8B, 56, 08, 89, 15, 64, 1C, 41, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 58, 1C, 41, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 58, 1C, 41, 00, C1, E0, 08, 03, C2, A3, 5C, 1C, 41, 00, 33, F6, 56, 8B, 3D, 90, C1, 40, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
44 KB (45,056 bytes)

The file winzip10.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to st.openinstall.com  (184.168.221.46:80)

TCP (HTTP):
Connects to oi.cloud.avg.com  (204.193.144.33:80)

TCP (HTTP):
Connects to inst.avg.com  (204.193.144.89:80)

Scan winzip10.exe - Powered by Reason Core Security