xzipinstall.exe

Pro3ddd

Maxiget Limited

This is a bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application xzipinstall.exe by Maxiget Limited has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the New IT Desktop Setup installer. It is also typically executed from the user's temporary directory.
Publisher:
Kranger (signed by Maxiget Limited)

Product:
Pro3ddd

Description:
Pulling rule

Version:
4, 0, 38, 0

MD5:
6f2172c553e4b107a9b74cabb3b33d77

SHA-1:
fe01e4427c2ab60a1e24cc6131a13c9432903353

SHA-256:
7ad842d591fb179517832952e98b61a20d47baa1663741764bdde0ec8b2a0cd4

Scanner detections:
1 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/23/2024 11:34:11 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.New IT Limited (M)

Engine version:
17.3.15.23

File size:
720.7 KB (737,984 bytes)

Product version:
4, 0, 38, 0

Copyright:
Copyright for McDo

Trademarks:
.

Original file name:
beeeeast.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\xzipinstall.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
11/4/2014 8:59:17 AM

Valid to:
8/15/2016 3:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B6558A31AA7EB

File PE Metadata
Compilation timestamp:
12/17/2014 2:48:08 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x32FEC

Entry point:
55, 8B, EC, 83, EC, 44, A1, 88, A0, 43, 00, 85, C0, 74, 0A, FF, D0, 85, C0, 75, 04, 6A, FE, EB, 1A, 6A, 01, 68, 1C, A0, 43, 00, 68, 10, A0, 43, 00, E8, 32, 01, 00, 00, 83, C4, 0C, 85, C0, 74, 08, 6A, FD, FF, 15, 64, 40, 43, 00, 56, 6A, 00, 68, 0C, A0, 43, 00, 68, 00, A0, 43, 00, E8, 11, 01, 00, 00, 83, C4, 0C, FF, 15, 68, 40, 43, 00, 8B, F0, 85, F6, 75, 05, BE, 56, 55, 43, 00, B1, 20, EB, 05, 3C, 20, 77, 0B, 46, 8A, 06, 84, C0, 75, F5, 3C, 20, 76, 17, 8A, 06, 3C, 22, 75, 03, 80, F1, 20, 46, 8A, 06, 3A, C1...
 
Developed / compiled with:
Microsoft Visual C++

Code size:
201.5 KB (206,336 bytes)
