farescd.com.computer.2pre_10924_i92888126_il345.exe

WinZip

LLC Arctic West

The executable farescd.com.computer.2pre_10924_i92888126_il345.exe has been detected as malware by 1 anti-virus scanner. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
WinZip Computing, S.L.  (signed by LLC Arctic West)

Product:
WinZip

Description:
WinZip Installer

Version:
1.0.28.1

MD5:
ada196a2fe5e202099c2d3331e4d2cc7

SHA-1:
e64e4da794ea99d4bac45308f5097bad26b09cbe

SHA-256:
02676a88910878103effd67ecaa539909e11ddd564b5405fd3925586f21dcc1f

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
5/14/2024 10:44:13 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.1.10.0

File size:
2.5 MB (2,660,896 bytes)

Product version:
1.0.28.1

Copyright:
WinZip Computing

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\farescd.com.computer.2pre_10924_i92888126_il345.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
8/25/2015 2:00:00 AM

Valid to:
8/25/2016 1:59:59 AM

Subject:
CN=LLC Arctic West, O=LLC Arctic West, STREET=Lviv highway 1, L=Mikolaiv, S=Lvovskaja, PostalCode=81600, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
416057CF015B4832DC973BA203AAB312

File PE Metadata
Compilation timestamp:
12/1/2015 12:34:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x332E32

Entry point:
68, B7, DD, 08, D8, E8, D9, 21, FE, FF, 1A, D1, 0A, 93, A9, 8B, 93, C8, 17, B0, F4, 32, DE, 23, E7, 75, 69, 42, 6B, 0C, AB, 13, 8F, B3, 6A, 46, 66, 3B, FA, E9, B8, B6, 1C, 00, 1B, DA, 13, 9B, 8E, 97, AF, DE, 18, B8, D1, 2F, AC, BF, 56, 65, 1E, 4D, C5, CD, 45, DA, E4, 4B, DC, 51, 51, 91, A8, D1, 69, DD, 42, 0B, 4A, BB, 87, BE, 7D, 13, 3D, 06, 47, 5A, A7, 1B, 10, 67, EF, 60, 03, F5, 2E, 5D, 1A, 78, 96, 7B, EE, 52, 1C, EA, FC, 8E, 2B, 83, AE, 53, 03, 4D, 42, 3B, 25, CB, 16, C5, 19, 3A, 4D, BD, 24, 24, 98, 60...
 
Entropy:
7.9879  (probably packed)

Code size:
2.5 MB (2,635,776 bytes)