winzip81.exe

WinZip Computing, Inc.

This is a setup program used to install an application. It is installed with multiple programs, including WinZip. The file has been seen being downloaded from supportcenteronline.com and multiple other hosts.

Publisher:
WinZip Computing, Inc.  (signed and verified)

MD5:
2b8933f6d1f2802dd0fe95c84aac60c7

SHA-1:
c0107e9a0eb40c18c7b9ee7fc9fa9ba5fe80bc72

SHA-256:
e60379700c9e62f4cbbe364306b44b078753b055040af6c8ed0b99f1379f7664

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/16/2024 9:29:17 AM UTC  (today)

File size:
1.7 MB (1,803,848 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/16/2001 1:00:00 AM

Valid to:
4/14/2002 1:59:59 AM

Subject:
OU=Digital ID Class 3 - Microsoft Software Validation v2, CN="WinZip Computing, Inc.", L=Mansfield, S=CT, C=US, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

Issuer:
OU=VeriSign Commercial Software Publishers CA, O="VeriSign, Inc.", L=Internet

Serial number:
2EAB271F29A9F7219502B30796BE10F6

File PE Metadata
Compilation timestamp:
11/21/2001 3:23:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:iEyXmzf1bdGETzVEq60bKYwL3c9bcBjM2xWVWOTSKO:iUt3Tgs94FM2iTSl

Entry address:
0x3EF0

Entry point:
53, FF, 15, 54, 70, 40, 00, B3, 22, 38, 18, 74, 03, 80, C3, FE, 8A, 48, 01, 40, 33, D2, 3A, CA, 74, 0A, 3A, CB, 74, 06, 8A, 48, 01, 40, EB, F2, 38, 10, 5B, 74, 01, 40, 52, 50, 52, 52, FF, 15, 4C, 70, 40, 00, 50, E8, 62, F4, FF, FF, 50, FF, 15, 50, 70, 40, 00, 8B, 44, 24, 04, 8B, 40, 3C, 05, F8, 00, 00, 00, C3, 55, 8B, EC, 51, A1, 88, 96, 40, 00, 83, 0D, 00, 95, 40, 00, FF, 56, 33, F6, 39, 35, 40, 90, 40, 00, 89, 35, 34, 96, 40, 00, 89, 35, 84, 96, 40, 00, A3, 24, 99, 40, 00, 75, 05, E8, 3B, D4, FF, FF, 39...

Code size:
24 KB (24,576 bytes)

The file winzip81.exe has been discovered within the following programs.

TurboPay9  by Consoft Group Ltd.
About 1% of users remove it
WinZip  by WinZip Computing, S.L.
WinZip is a proprietary file archiver and compressor that creates archives in the ZIP file format but also has various levels of support for other archive formats.
www.winzip.com
8% remove it
 
Powered by Should I Remove It?

The file winzip81.exe has been seen being distributed by the following 11 URLs.

