» zipsoftware.exe
Overview
Analysis
File Details
Downloads (1)

zipsoftware.exe

The application zipsoftware.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from ic.download-free.com.

File name:

zipsoftware.exe

MD5:

c595dbbccf24a317f9f52b0a3e8d71eb

SHA-1:

f35afc04fa824fb0bd4229e9c967f47368e6543e

SHA-256:

b36dbe3d8b4aded93ee486dbe37b3f83924bff66e84f6a5644e62126d7d3da64

Scanner detections:

27 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:

1/14/2025 2:43:20 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.251242

905

Agnitum Outpost

Adware.Generic

7.1.1

AhnLab V3 Security

PUP/Win32.InstallCore

2013.04.05

Avira AntiVirus

ADWARE/InstallCore.Gen

7.11.70.100

avast!

Win32:InstallCore-BD [PUP]

2014.9-140813

Bitdefender

Adware.Generic.251242

1.0.20.1125

Bkav FE

W32.Cloda22.Trojan

1.3.0.4959

Comodo Security

UnclassifiedMalware

15822

Dr.Web

Adware.InstallCore.45

9.0.1.0225

Emsisoft Anti-Malware

Riskware.WebToolbar.Win32.InstallCore.AMN

8.14.08.13.04

ESET NOD32

Win32/InstallCore (variant)

8.8197

Fortinet FortiGate

Riskware/InstallCore

8/13/2014

F-Prot

W32/InstallCore.G.gen

v6.4.7.1.166

F-Secure

Adware.Generic.251242

11.2014-13-08_4

G Data

Adware.Generic.251242

14.8.22

IKARUS anti.virus

Win32.SuspectCrc

t3scan.2.0.0.0

K7 AntiVirus

Unwanted-Program

13.164.8477

Kaspersky

HEUR:Hoax.Win32.ArchSMS

14.0.0.3042

McAfee

Artemis!C595DBBCCF24

5600.7039

MicroWorld eScan

Adware.Generic.251242

15.0.0.675

NANO AntiVirus

Trojan.Win32.WebToolbar.vuuzm

0.22.8.51404

nProtect

Joke/W32.ArchSMS.1045040

13.04.05.02

Rising Antivirus

PE:Malware.XPACK-LNR/Heur!1.5594

23.00.65.14811

Sophos

Install Core

4.98

Trend Micro House Call

TROJ_SPNR.0BIP12

7.2.225

Trend Micro

TROJ_SPNR.0BIP12

10.465.26

VIPRE Antivirus

Trojan.Win32.Generic

16576

File size:

1020.5 KB (1,045,040 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\zipsoftware.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:+EtJ51+OmgARJ3ILz86JJaaOmHoPbSjuxMs7Nm:+SV9mgAOIWJXjuGAN

Entry address:

0xC1B50

Entry point:

55, 8B, EC, 83, C4, F0, B8, 10, 44, 41, 00, E8, 12, E4, FF, FF, FF, FF, FF, 8D, 4C, 24, 0C, 8B, 54, 24, 08, 8B, 44, 24, 04, E8, DA, FC, FF, FF, 8B, 04, 24, 33, D2, 89, 10, EB, 48, 8B, 6B, 08, 3B, F5, 75, 3A, 3B, 7B, 0C, 7F, 35, 8B, 0C, 24, 8B, D7, 8B, C5, E8, 71, FD, FF, FF, 8B, 04, 24, 83, 38, 00, 74, 28, 8B, 04, 24, 8B, 40, 04, 01, 43, 08, 8B, 04, 24, 8B, 40, 04, 29, 43, 0C, 83, 7B, 0C, 00, 75, 10, 8B, C3, E8, 9A, FA, FF, FF, EB, 07, 8B, 04, 24, 33, D2, 89, 10, 83, C4, 14, 5D, 5F, 5E, 5B, C3, 90, 53, 56... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

788 KB (806,912 bytes)

The file zipsoftware.exe has been seen being distributed by the following URL.

http://ic.download-free.com/ZipSoftware.exe

Remove zipsoftware.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.