winzipbar.exe

WinZip Computing

This is part of the Conduit platform, a browser extension desigend to manage and control the web browser's search provider functionality. The application winzipbar.exe by WinZip Computing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Wise Installer installer. It is also typically executed from the user's temporary directory.
Publisher:
Conduit  (signed by WinZip Computing)

Version:
1.2.0.0

MD5:
0d0182815527ac5b55b531757a4d3419

SHA-1:
645abba10407ef33e9ce23f6c8853eccc7b567ba

SHA-256:
1a7aeae7cb829a2310c6c11639be763fc009cc28ea97e83624cfec94f3d57797

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/5/2024 9:29:18 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.1.24.5

File size:
275.1 KB (281,696 bytes)

Copyright:
Conduit Ltd.

File type:
Executable application (Win32 EXE)

Installer:
Wise Installer

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\winzipbar.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/13/2009 7:00:00 PM

Valid to:
4/13/2012 6:59:59 PM

Subject:
CN=WinZip Computing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WinZip Computing, L=Mansfield, S=Connecticut, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2091EC663B9B070DEF16CA9A237B705B

File PE Metadata
Compilation timestamp:
10/25/2001 2:47:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:XXUlmIMLPkuWCgXmyaun3sBPV8aspReyM8oyasBPV8aspReyM8oyt:0lmhLR63sBPOLfef8onsBPOLfef8oc

Entry address:
0x21AF

Entry point:
55, 8B, EC, 81, EC, 2C, 05, 00, 00, 53, 56, 57, 6A, 01, 5E, 6A, 04, 89, 75, E8, FF, 15, 54, 40, 40, 00, FF, 15, 50, 40, 40, 00, 8B, F8, 89, 7D, F4, 8A, 07, 3C, 22, 0F, 85, CC, 00, 00, 00, 8A, 47, 01, 47, 89, 7D, F4, 33, DB, 3A, C3, 74, 0D, 3C, 22, 74, 09, 8A, 47, 01, 47, 89, 7D, F4, EB, EF, 80, 3F, 22, 75, 04, 47, 89, 7D, F4, 80, 3F, 20, 75, 09, 47, 80, 3F, 20, 74, FA, 89, 7D, F4, 53, FF, 15, 6C, 40, 40, 00, 80, 3F, 2F, 89, 45, F8, 75, 64, 8A, 47, 01, 3C, 53, 74, 04, 3C, 73, 75, 06, 89, 35, 58, 53, 40, 00...
 
[+]

Entropy:
7.9694

Packer / compiler:
Wise Installer Stub

Code size:
8.5 KB (8,704 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a184-24-90-108.deploy.static.akamaitechnologies.com  (184.24.90.108:80)

TCP (HTTP):
Connects to a23-202-99-152.deploy.static.akamaitechnologies.com  (23.202.99.152:80)

Remove winzipbar.exe - Powered by Reason Core Security