jzipsetup-r20-n-bc.exe

jZip

Bandoo Media, Inc.

The application jzipsetup-r20-n-bc.exe by Bandoo Media has been detected as a potentially unwanted program by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from download.jzip.com.
Publisher:
Bandoo Media Inc  (signed by Bandoo Media, Inc.)

Product:
jZip

Description:
jZip Install

Version:
2.0.0.135670

MD5:
31668bc3464e05dd7da739830a72ed47

SHA-1:
ea845f7c7bf367f8bf9b6fac4d0704420e16654e

SHA-256:
c72ad54849da484d094590da98bac01c9e5f9e162d8b94ec97c7f080140411aa

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
The setup installer may bundle additional software offers, including a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:
5/1/2024 8:16:46 PM UTC

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/SearchSuite
2015.02.17

Avira AntiVirus
Adware/SeaSuite.inze
7.11.210.142

AVG
Adware Generic_r.VQ
2014.0.4253

Comodo Security
Application.Win32.Bandoo.D
21104

Dr.Web
Adware.Bandoo.194
9.0.1.05190

ESET NOD32
Win32/Toolbar.SearchSuite.J potentially unwanted application
7.0.302.0

F-Prot
W32/S-c8942c0c
v6.4.7.1.166

G Data
Win32.Application.Agent.VJFYZ5
15.2.25

IKARUS anti.virus
PUA.Soffer
t3scan.1.8.6.0

K7 AntiVirus
Trojan
13.195.14983

Malwarebytes
PUP.Optional.Bandoo
v2015.02.16.06

McAfee
Program.SearchSuite
16.8.708.2

NANO AntiVirus
Riskware.Win32.Bandoo.dgnlaz
0.30.0.65070

Reason Heuristics
PUP.Installer.BandooMedia
15.2.16.18

VIPRE Antivirus
Threat.4895518
36694

File size:
1.4 MB (1,453,024 bytes)

Product version:
2.0.0.135670

Copyright:
Copyright (c) 2015 Bandoo Media Inc

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\jzipsetup-r20-n-bc.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
11/26/2014 7:00:00 PM

Valid to:
2/23/2016 6:59:59 PM

Subject:
CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3DECB3F6069817010107782EABF518FB

File PE Metadata
Compilation timestamp:
2/24/2012 2:20:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:/2KqnHqebutERS9TMzP/M5r4+ZvKGT4b8gCkUCl0BPp7Em6WvRFe3zI:Cqeb/8QP/MBKGT4b8gC36qY76FUI

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...

Entropy:
7.9651

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file jzipsetup-r20-n-bc.exe has been seen being distributed by the following URL.
