winzip20.exe

WinZip Computing LLC

This is a setup program which is used to install the application. The file has been seen being downloaded from www.ranchsendgift.com and multiple other hosts.
Publisher:
WinZip Computing LLC  (signed and verified)

MD5:
c7db35ef6e92474e5a165187ffd8cfbe

SHA-1:
2cd1f5cd5fa121dbbd666379842b0ad8745467f5

SHA-256:
0f711fc8f43e0482759f29c94340525b181af5858ab641a690d515e2c67ddf1b

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
11/23/2024 1:25:05 AM UTC  (today)

Scan engine        Detection                                          Engine version
ESET NOD32         Win32/Systweak.L potentially unwanted (variant)    9.12491
Rising Antivirus   PE:Malware.Generic/QRS!1.9E2D [F]                  23.00.65.151029

File size:
132.1 MB (138,508,000 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\winzip20.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/17/2015 9:05:21 AM

Valid to:
4/17/2016 9:05:21 AM

Subject:
E=help@winzip.com, CN=WinZip Computing LLC, OU=IT, O=WinZip Computing LLC, L=Storrs Mansfield, S=CT, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121D1D8286B82393399C853E44FF8AA3854

File PE Metadata
Compilation timestamp:
11/2/2009 2:24:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3145728:3/e0AoJ7ziHEzf5QT1geLIdU/lyOynb73S81VfxsDlgkvG:3/dziHoiT5LRAnnHVwgkO

Entry address:
0x1479F

Entry point:
E8, 02, 67, 00, 00, E9, 17, FE, FF, FF, 3B, 0D, D8, C9, 42, 00, 75, 02, F3, C3, E9, 82, 67, 00, 00, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 18, 48, 41, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 54, E6, 00, 00, 8B, 45, 0C, 8B, 40, 04, 83...
 

Entropy:
7.9999  (probably packed)

Code size:
144 KB (147,456 bytes)

The file winzip20.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 246 download URLs
