winzip19-dl.exe

WinZip Computing LLC

The application winzip19-dl.exe by WinZip Computing has been detected as a potentially unwanted program by 2 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
WinZip Computing LLC  (signed and verified)

MD5:
aa416b3cc077328b1539bde1fcefe893

SHA-1:
33fe4d87bd39cef281aeef4f374a4ec760885ed8

SHA-256:
0e791a3337caf3b37a7b5e885ff6623fe34dfe0e453e85ede64b901464ffb304

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/27/2024 12:26:13 AM UTC

Scan engine | Detection | Engine version
Dr.Web | Trojan.InstallCore.62 | 9.0.1.05190
Reason Heuristics | PUP.InstallCore (M) | 16.4.12.22

File size:
861.3 KB (881,984 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\winzip19-dl.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
2/8/2015 4:00:00 AM

Valid to:
12/9/2015 4:00:00 PM

Subject:
CN=WinZip Computing LLC, O=WinZip Computing LLC, S=Connecticut, L=Mansfield, C=US, SERIALNUMBER=3952106, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
07D6D1C205EA8F9307404B7DE7AD6A55

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:5r30a58aPAp7EhUeYcco41wFdrwgyqCdU3T1PpDMMJ:l7fPAhEQwFdEgyqCW3T1Pp9

Entry address:
0x9C40

Entry point:
F0, B9, 40, B2, 40, 00, A1, 3C, CE, 40, 00, E8, D0, F7, FF, FF, 83, 3D, 3C, B2, 40, 00, FF, 74, 0A, A1, 3C, B2, 40, 00, E8, 9D, F6, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 87, A2, 40, 00, A1, 28, CE, 40, 00, E8, 26, 87, FF, FF, 83, 3D, 3C, CE, 40, 00, 00, 74, 19, 6A, 32, 68, FA, 00, 00, 00, B9, 0D, 00, 00, 00, 8B, 15, 3C, CE, 40, 00, 33, C0, E8, B8, F2, FF, FF, 83, 3D, 34, CE, 40, 00, 00, 74, 10, A1, 34, CE, 40, 00, E8, E1, 91, FF, FF, 50, E8, 83, A2, FF, FF, 83, 3D, 44, B2, 40, 00, 00, 74, 0B, A1, 44...
 

Entropy:
7.8637  (probably packed)

Code size:
37 KB (37,888 bytes)
