» winzip19-dl.exe
Overview
Analysis
File Details

winzip19-dl.exe

WinZip Computing LLC

The application winzip19-dl.exe by WinZip Computing has been detected as a potentially unwanted program by 2 anti-malware scanners. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

winzip19-dl.exe

Publisher:

WinZip Computing LLC (signed and verified)

MD5:

aa416b3cc077328b1539bde1fcefe893

SHA-1:

33fe4d87bd39cef281aeef4f374a4ec760885ed8

SHA-256:

0e791a3337caf3b37a7b5e885ff6623fe34dfe0e453e85ede64b901464ffb304

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

11/27/2024 12:26:13 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Trojan.InstallCore.62

9.0.1.05190

Reason Heuristics

PUP.InstallCore (M)

16.4.12.22

File size:

861.3 KB (881,984 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\winzip19-dl.exe

Digital Signature

Signed by:

WinZip Computing LLC

Authority:

DigiCert Inc

Valid from:

2/8/2015 4:00:00 AM

Valid to:

12/9/2015 4:00:00 PM

Subject:

CN=WinZip Computing LLC, O=WinZip Computing LLC, S=Connecticut, L=Mansfield, C=US, SERIALNUMBER=3952106, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:

CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

07D6D1C205EA8F9307404B7DE7AD6A55

File PE Metadata

Compilation timestamp:

6/20/1992 2:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:5r30a58aPAp7EhUeYcco41wFdrwgyqCdU3T1PpDMMJ:l7fPAhEQwFdEgyqCW3T1Pp9

Entry address:

0x9C40

Entry point:

F0, B9, 40, B2, 40, 00, A1, 3C, CE, 40, 00, E8, D0, F7, FF, FF, 83, 3D, 3C, B2, 40, 00, FF, 74, 0A, A1, 3C, B2, 40, 00, E8, 9D, F6, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, 87, A2, 40, 00, A1, 28, CE, 40, 00, E8, 26, 87, FF, FF, 83, 3D, 3C, CE, 40, 00, 00, 74, 19, 6A, 32, 68, FA, 00, 00, 00, B9, 0D, 00, 00, 00, 8B, 15, 3C, CE, 40, 00, 33, C0, E8, B8, F2, FF, FF, 83, 3D, 34, CE, 40, 00, 00, 74, 10, A1, 34, CE, 40, 00, E8, E1, 91, FF, FF, 50, E8, 83, A2, FF, FF, 83, 3D, 44, B2, 40, 00, 00, 74, 0B, A1, 44... 
[+]

Entropy:

7.8637 (probably packed)

Code size:

37 KB (37,888 bytes)

Remove winzip19-dl.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.