» jZip.exe
Overview
Analysis
File Details
Programs (2)
Network (1)

jZip.exe

jZip

Discordia Limited

The application jZip.exe by Discordia Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including Search Protect by Conduit Ltd. and jZip by Discordia Limited, both potentially unwanted software. While running, it connects to the Internet address 94.31.0.28.IPYX-076665-ZYO.above.net on port 80 using the HTTP protocol.

File name:

jZip.exe

Publisher:

Discordia Limited (signed and verified)

Product:

jZip

Version:

1.3

MD5:

eccb54e6c26f0aaf7f9466ee888cd192

SHA-1:

1c170a7610fcd3b0173682f7b07f75c2d5e4560b

SHA-256:

31b7e57607200797ce6d86d1b8b8b879bfc8599596912d533601929a84c86c00

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/26/2024 7:17:45 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.DiscordiaLimited.E

14.4.13.23

File size:

2.7 MB (2,786,752 bytes)

Product version:

1.3.0.91520

Original file name:

jZip.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\jzip\jzip.exe

Digital Signature

Signed by:

Discordia Limited

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

6/22/2010 8:00:00 PM

Valid to:

7/14/2012 7:59:59 PM

Subject:

CN=Discordia Limited, OU=SECURE APPLICATION DEVELOPMENT, O=Discordia Limited, L=Limassol, S=Limassol, C=CY

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

365134344F55842D5CCE133A8C629064

File PE Metadata

Compilation timestamp:

9/27/2010 9:11:09 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:GChJx5j6tz6/RkrHuTcE7fWW7j0Hp+tDlzEJMYzbqhZ9XI7MCufe21aG6C+Hwd5g:GmzRyZIWW7CMYi9Y4Cu6FC+HBUw

Entry address:

0x19298F

Entry point:

E8, C0, C8, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, 56, 8B, 44, 24, 14, 0B, C0, 75, 28, 8B, 4C, 24, 10, 8B, 44, 24, 0C, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 08, F7, F1, 8B, F0, 8B, C3, F7, 64, 24, 10, 8B, C8, 8B, C6, F7, 64, 24, 10, 03, D1, EB, 47, 8B, C8, 8B, 5C, 24, 10, 8B, 54, 24, 0C, 8B, 44, 24, 08, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 14, 8B, C8, 8B, 44, 24, 10, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 0C, 77, 08, 72, 0F, 3B, 44, 24, 08, 76, 09, 4E, 2B... 
[+]

Entropy:

6.4030

Code size:

2 MB (2,048,000 bytes)

The file jZip.exe has been discovered within the following programs.

jZip by Discordia Limited

Publisher's description - “jZip lets you open files in many archive formats, including the popular RAR format. RAR files are compressed archives, which are files that are designed to store both single and groups of related files while minimizing their memory size to save on storage space.”

www.jzip.com

71% remove it

Search Protect by Conduit Ltd.

From the Terms of Service: "Search Protect is a separate piece of software installed on your hard-drive in connection with your installation of a Toolbar. It is designed to protect your Search settings from takeover by third parties.

84% remove it

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to 94.31.0.28.IPYX-076665-ZYO.above.net (94.31.0.28:80)

Remove jZip.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.