home

winzip165multi-language.exe

WinZip 16.5

WinZip Computing

This is the installation and setup package for WinZip, a file compression/decompression utilitiy that has a GUI to zip interface. The installer might bundle additional software offers during setup including the AVG browser toolbar. The application winzip165multi-language.exe, “WinZip 16.5 Setup” by WinZip Computing has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. While running, it connects to the Internet address inst.avg.com on port 80 using the HTTP protocol.
Publisher:
WinZip Computing  (signed and verified)

Product:
WinZip 16.5

Description:
WinZip 16.5 Setup

Version:
1,18,0,2719

MD5:
b61fb792ed5c21e2154d161ea06594d3

SHA-1:
68c62ede9c2fa6bba8327b0d0fd9f01e9277e581

SHA-256:
5c52242f0131a716e6ae1fd66a0751f4b524834805cd394310b30e4dee5c9e51

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
The setup program might include offers for additional software during installation.

Analysis date:
4/26/2024 5:36:13 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OpenInstall (variant)
8.8332

Reason Heuristics
PUP.Bundler (M)
16.3.4.18

File size:
352.3 KB (360,704 bytes)

Product version:
1,18,0,2719

Copyright:
Copyright © 2012

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
WinZip Computing

Authority:
VeriSign, Inc.

Valid from:
3/15/2012 9:00:00 PM

Valid to:
4/13/2014 7:59:59 PM

Subject:
CN=WinZip Computing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WinZip Computing, L=Mansfield, S=Connecticut, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E4842AC9691630B45F8266C0ADB1206

File PE Metadata
Compilation timestamp:
7/12/2012 6:14:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:Gut0zVZDY2zmr6aL0+aXMUqNU2iMmORtpuSEomlUNqsGTUDIM:GoqVFzTaaXM162iOPpu+HhGUDIM

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 1C, 04, 00, 00, 53, 56, 57, BE, 88, 30, 40, 00, 8D, BD, E4, FB, FF, FF, A5, A5, A5, 66, A5, 6A, 7E, 59, 33, C0, 8D, BD, F2, FB, FF, FF, F3, AB, 66, AB, BE, 04, 01, 00, 00, 56, 8D, 85, E4, FB, FF, FF, 50, FF, 15, 50, 30, 40, 00, 33, C0, 33, DB, 66, 89, 9D, EC, FD, FF, FF, B9, 81, 00, 00, 00, 8D, BD, EE, FD, FF, FF, F3, AB, 66, AB, 8D, 85, EC, FD, FF, FF, 50, 53, 68, 80, 30, 40, 00, 8D, 85, E4, FB, FF, FF, 50, FF, 15, 04, 30, 40, 00, 8D, 85, EC, FD, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
7 KB (7,168 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to st.openinstall.com  (184.168.221.46:80)

TCP (HTTP):
Connects to oi.cloud.avg.com  (204.193.144.33:80)

TCP (HTTP):
Connects to inst.avg.com  (204.193.144.89:80)

Remove winzip165multi-language.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.