winzip19-lan.exe

WinZip Computing LLC

The application winzip19-lan.exe by WinZip Computing has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen downloaded from cdn.winzipdelivery.com and multiple other hosts.
Publisher:
WinZip  (signed by WinZip Computing LLC)

Product:
WinZip

Version:
1.0.5.a0.1_37199

MD5:
dff199c0ffbdf07c0fa0c009d9d17942

SHA-1:
931a66a3877b4dd391e8205762e804b5d43ba9c7

SHA-256:
e0681cf504c08897d10230cbafac246c633ae5071f46970e2a1eb1cabdd79ef9

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 7:37:31 PM UTC  (today)

Scan engine             Detection                                              Engine version
Bkav FE                 W32.HfsAdware                                          1.3.0.6379
Dr.Web                  Trojan.InstallCore.402                                 9.0.1.0172
ESET NOD32              Win32/InstallCore.YR potentially unwanted (variant)    9.11541
Fortinet FortiGate      Riskware/InstallCore                                   6/21/2015
herdProtect (fuzzy)                                                            2015.6.21.17
NANO AntiVirus          Riskware.Win32.InstallCore.dqvwsp                      0.30.20.1219
Trend Micro House Call  Suspicious_GEN.F47V0402                                7.2.172

File size:
1 MB (1,080,488 bytes)

Product version:
1.0.5.a0.1_37199

Copyright:
WinZip

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winzip19-lan.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/10/2015 12:50:10 PM

Valid to:
2/11/2016 12:50:10 PM

Subject:
CN=WinZip Computing LLC, O=WinZip Computing LLC, S=Connecticut, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11213AC849B929DBABC960315B5B9070927F

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:KmJa7dm5K5c/WVHvy3NGwbIqWlWOJKyUpNUYPpLShl7uK:KMGA2PEN+txBYPshf

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8926

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file winzip19-lan.exe has been seen being distributed by the following 50 URLs.
