winzip19-lan.exe

Generic Internet

WinZip Computing LLC

The application winzip19-lan.exe by WinZip Computing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from cdn.winzipdelivery.com and multiple other hosts.

Publisher:
Software Program (signed by WinZip Computing LLC)

Product:
Generic Internet

Description:
WinZip

Version:
4.0.1.4

MD5:
d531b3d957bffef39c15909be4ef8155

SHA-1:
665331f39ebb234320cdf9cc5c0859803405586e

SHA-256:
e5becfb2b0f6ae07e83ae2fa6e4b624b42d52d148b80c7153c31f83571311fb4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 7:35:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
16.3.5.21

File size:
1 MB (1,079,200 bytes)

Product version:
1.8.3

Copyright:
Soft

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winzip19-lan.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/10/2015 12:50:10 PM

Valid to:
2/11/2016 12:50:10 PM

Subject:
CN=WinZip Computing LLC, O=WinZip Computing LLC, S=Connecticut, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11213AC849B929DBABC960315B5B9070927F

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:a6llHDVD/kPF/j6chn02tl2/MGhuy1EZTcus+gI4dl7ul:aoDiRj6ch02tlwMGh/1SZsJIk+

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
Entropy:
7.8776

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file winzip19-lan.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 85 download URLs
