winzip.exe

Wizard

Smart Secure Software S.l.

This is the Softpulse installer, which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, and may be installed with minimal consent. The application winzip.exe by Smart Secure Software S.l. has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from ttb.grabsofts.com.
Publisher:
Smart Secure Software S.l.  (signed and verified)

Product:
Wizard

Version:
1. 9. 8. 7

MD5:
4937531bd55521f24a38650c3f4bef61

SHA-1:
7c575a4963c717a21a37cc5454a276d35cd3883e

SHA-256:
af41851ab64a35b63b159ca7427c143adec1f4ff2352e0ebfe27d9059e4d8806

Scanner detections:
22 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
5/27/2024 5:00:11 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Symmi.49537 | 6271127 |
| Agnitum Outpost | Packed/PECompact | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.SoftPulse | 2014.12.26 |
| Avira AntiVirus | APPL/Softpulse.oanf | 7.11.197.232 |
| AVG | Generic | 2015.0.3250 |
| Bitdefender | Gen:Variant.Symmi.49537 | 1.0.20.1795 |
| Comodo Security | Application.Win32.SoftPulse.D | 20469 |
| Dr.Web | Trojan.Domaiq.33 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.49537 | 9.0.0.4668 |
| ESET NOD32 | Win32/SoftPulse.S potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Symmi.49537 | 5.13.68 |
| G Data | Gen:Variant.Symmi.49537 | 14.12.24 |
| K7 AntiVirus | Unwanted-Program | 13.188.14440 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.12.25.11 |
| McAfee | SoftPulse | 5600.6906 |
| MicroWorld eScan | Gen:Variant.Symmi.49537 | 15.0.0.1077 |
| Norman | Gen:Variant.Symmi.49537 | 04.12.2014 14:30:06 |
| Panda Antivirus | Trj/Genetic.gen | 14.12.25.11 |
| Reason Heuristics | PUP.SmartSecureSoftwareSl.G | 14.12.25.10 |
| Sophos | PUA 'SoftPulse' (of type Adware) | 5.09 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4783235 | 35418 |

File size:
851 KB (871,448 bytes)

Product version:
1. 9. 8. 7

Copyright:
Copyright (C) 2014

Original file name:
Wizard.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Spanish (Spain, International Sort)

Common path:
C:\users\{user}\downloads\winzip.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/17/2014 1:00:00 AM

Valid to:
6/18/2015 12:59:59 AM

Subject:
CN=Smart Secure Software S.l., O=Smart Secure Software S.l., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7F616522D287E85A40984A2C01C414C1

File PE Metadata
Compilation timestamp:
12/23/2014 9:28:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:TYq2/9nnr5cDNsOQfKJL9ki1arPvi/cjaBYfvf:MqaxyDC2JmSoPvikO8f

Entry address:
0x1C106

Entry point:
B8, 50, B3, 51, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, D3, 52, 71, 8F, 10, 9D, 74, 62, B3, 00, 4F, B3, 31, 3B, A4, B3, FF, 83, B1, 7C, C9, 27, 43, 69, 31, 69, D3, 9B, 84, 1F, 21, 69, 1A, 5F, C4, 59, CB, 02, C8, BB, D8, 58, 37, D8, AB, 3D, 05, B0, 37, 1B, 06, 03, FB, 17, BF, 49, 9E, B9, D4, 90, 50, 86, 9B, B4, A5, AA, 1A, A8, 1D, 63, 5E, D8, 62, 02, DC, 1B, 78, A8, DF, A7, EC, E3, E2, 0B, A7, 24, 07, B9, AB, D2, B2, 3B, 0D...
 

Entropy:
7.9789

Packer / compiler:
PECompact v2

Code size:
208 KB (212,992 bytes)

The file winzip.exe has been seen being distributed by the following URL.
