jzipsetup-r230-n-bi.exe

jZip

Bandoo Media, Inc.

The application jzipsetup-r230-n-bi.exe by Bandoo Media has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from download.cdn.archivefast.com.
Publisher:
Bandoo Media Inc (signed by Bandoo Media, Inc.)

Product:
jZip

Description:
jZip Install

Version:
2.0.0.135670

MD5:
a68115f6cde5b44e5588903b722283f9

SHA-1:
e63a9458a3a2ab3278324e0cbe8cb4bf2b82e6f2

SHA-256:
deeb5b403373f4ed928cfdba4b39cbc60e3988489170e3f0d3005f178930c052

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional software offers in the setup installer, including a branded Ask.com Toolbar (Movies/Music Toolbar).

Analysis date:
5/28/2024 6:16:49 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-PUP/SearchSuite | 2015.10.09 |
| Avira AntiVirus | PUA/iLivid.Gen | 8.3.2.2 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160126 |
| AVG | Generic | 2017.0.2853 |
| Comodo Security | Application.Win32.Bandoo.D | 23382 |
| Dr.Web | Adware.Bandoo.194 | 9.0.1.026 |
| ESET NOD32 | Win32/Toolbar.SearchSuite.J potentially unwanted (variant) | 10.12381 |
| F-Prot | W32/SearchSuite.B.gen | v6.4.7.1.166 |
| G Data | NSIS.Application.SearchSuite | 16.1.25 |
| IKARUS anti.virus | PUA.Soffer | t3scan.1.8.6.0 |
| K7 AntiVirus | Adware | 13.210.17479 |
| Kaspersky | not-a-virus:WebToolbar.Win32.SearchSuite | 14.0.0.759 |
| Malwarebytes | PUP.Optional.Bandoo | v2016.01.26.07 |
| McAfee | SearchSuite | 5600.6509 |
| NANO AntiVirus | Riskware.Win32.SearchSuite.dvtojt | 0.30.26.3947 |
| Reason Heuristics | PUP.Bandoo.BandooMedia.Installer (M) | 16.1.26.7 |
| Rising Antivirus | PE:Malware.RDM.41!5.2F[F1] | 23.00.65.16124 |
| SUPERAntiSpyware | PUP.Bandoo/Variant | 9362 |
| Trend Micro House Call | TROJ_GEN.R00GH06BP15 | 7.2.26 |
| VIPRE Antivirus | Bandoo Media Inc | 44404 |

File size:
1.4 MB (1,416,344 bytes)

Product version:
2.0.0.135670

Copyright:
Copyright (c) 2015 Bandoo Media Inc

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\jzipsetup-r230-n-bi.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
11/27/2014 5:30:00 AM

Valid to:
2/24/2016 5:29:59 AM

Subject:
CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3DECB3F6069817010107782EABF518FB

File PE Metadata
Compilation timestamp:
2/25/2012 12:50:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:L2KqYz3utEROE3cvWt9xkAzb8cQlE++NHXYNoPfS+:pD/OKc4xXz6F+iNoC+

Entry address:
0x38AF

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00...

Entropy:
7.9635

Packer / compiler:
Nullsoft install system v2.x

Code size:
29 KB (29,696 bytes)

The file jzipsetup-r230-n-bi.exe has been seen being distributed by the following URL.
