winzip19-wz.exe

Generic Internet

WinZip Computing LLC

The application winzip19-wz.exe by WinZip Computing has been detected as a potentially unwanted program by 6 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from cdn.winzipdelivery.com and multiple other hosts.
Publisher:
Software Program   (signed by WinZip Computing LLC)

Product:
Generic Internet

Description:
WinZip

Version:
4.0.1.4

MD5:
e00c487443e7e88f2054e937944dba85

SHA-1:
bc6cc5e6e01d98ddf5730a8d8ce61e2b1b3c24ac

SHA-256:
fc61b54bc5ecbf4f4f213d3f30ccba439d5f0383e25322a7747ef878c741c96f

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 7:24:25 PM UTC

Scan engine | Detection | Engine version
Comodo Security | Application.Win32.InstallCore.KG | 21673
ESET NOD32 | Win32/InstallCore.YR potentially unwanted (variant) | 9.11433
herdProtect (fuzzy) | | 2015.6.10.23
K7 AntiVirus | Adware | 13.202.15502
McAfee | Artemis!54CF7046A8BC | 5600.6738
Trend Micro House Call | Suspicious_GEN.F47V0312 | 7.2.161

File size:
1 MB (1,079,200 bytes)

Product version:
1.8.3

Copyright:
Soft

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winzip19-wz.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/10/2015 2:50:10 PM

Valid to:
2/11/2016 2:50:10 PM

Subject:
CN=WinZip Computing LLC, O=WinZip Computing LLC, S=Connecticut, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11213AC849B929DBABC960315B5B9070927F

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:r6llHDVD/kPF/j6chn02tl2/MGhuy1EZTcus+gI4dl7ul:roDiRj6ch02tlwMGh/1SZsJIk+

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.8776

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file winzip19-wz.exe has been seen being distributed by the following 50 URLs.
