» winzip-19.exe
Overview
Analysis
File Details
Downloads (1)

winzip-19.exe

Installer

InstallOpti (Fried Cookie Ltd)

The Fried Cookie installer utilizes the InstallCore download manager which may bundle additional offers for various ad-supported toolbars, extensions and utilities. The application winzip-19.exe, “Installer Setup ” by InstallOpti (Fried Cookie) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.

File name:

winzip-19.exe

Publisher:

Internet Generic (signed by InstallOpti (Fried Cookie Ltd))

Product:

Installer

Description:

Installer Setup

Version:

5.0.5.8

MD5:

bbe973bb877c9a219f2323887c96f632

SHA-1:

c5d403c7eb3ac87f434ebfeaa9a06c4584bf8a22

SHA-256:

1b2978ddeddcef1d0f3f9a642db60c88507373add638e4cd1493bf43d5ddc864

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

5/16/2024 6:25:01 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallCore.FC.Installer (M)

16.4.20.9

File size:

785.7 KB (804,584 bytes)

Product version:

2.2.1

Application

File type:

Executable application (Win32 EXE)

Bundler/Installer:

installCore (using Inno Setup)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winzip-19.exe

Digital Signature

Signed by:

InstallOpti (Fried Cookie Ltd)

Authority:

GlobalSign nv-sa

Valid from:

4/28/2015 4:59:44 PM

Valid to:

4/28/2016 4:59:44 PM

Subject:

CN=InstallOpti (Fried Cookie Ltd), O=InstallOpti (Fried Cookie Ltd), L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11219B5CA2FB2B4C7ECABA3664646E52B687

File PE Metadata

Compilation timestamp:

6/19/1992 11:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

12288:7mpGoMQX1n3ynQBiMosekitzMv5HEr/N43kXZMtwa9qurfjJ6njtjfwT2+pHTEi:7mp5MMinQBilkA05E43kbyjJ6nxr8NT3

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

The file winzip-19.exe has been seen being distributed by the following URL.

http://cdn.telechargerv2filescentersfarms.com/c?x=5Pw1ds7rV1l3cMuUGjpsBbpY39mBKFKMKX5/RVPeoAw=&c=6E9RcrYfLbUWmmqrgRU p0XNg3pTEcyjYwMVLHl449OBwXLeS15YbZPgzntt3Se2eSr83gWrXAjV5icy4Vkre2LkfbuGuqSsSt9gn4uevEgiOxtW6ij66ynY/vQRW5Kl3CnaOT6BNdPj5qrOXDeZ5w==&fallback_url=http://.../winzip195fr.exe&downloadAs=winzip-19.exe

Remove winzip-19.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.