home

WinZip170.exe

WinZip 17

WinZip Computing

This is the installation and setup package for WinZip, a file compression/decompression utilitiy that has a GUI to zip interface. The installer might bundle additional software offers during setup including the AVG browser toolbar. The application WinZip170.exe by WinZip Computing has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. While running, it connects to the Internet address inst.avg.com on port 80 using the HTTP protocol.
Publisher:
WinZip Computing  (signed and verified)

Product:
WinZip 17

Description:
WinZip 17 Setup

Version:
1,18,0,2949

MD5:
04f3aabbf909e9b0512a2355ac2c4a8e

SHA-1:
0f45aaa50c9e60a399b92d70d6017c0df3e2d31b

SHA-256:
bc22c0687adb5e475afbf741d90fb8fc18c45971c5135cfcce7d2d09a366c497

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
The setup program might include offers for additional software during installation.

Analysis date:
4/25/2024 5:28:05 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.OpenInstall
7.1.1

AhnLab V3 Security
ASD.Prevention
2013.01.15

Avira AntiVirus
PUA/OpenInstall.Gen
8.3.2.4

Baidu Antivirus
Adware.Win32.OpenInstall
4.0.3.16215

Bkav FE
W32.HfsAdware
1.3.0.7400

Dr.Web
Adware.Downware.1348
9.0.1.046

Emsisoft Anti-Malware
Trojan.Win32.OpenInstall.AMN
8.16.02.15.02

ESET NOD32
Win32/OpenInstall potentially unwanted (variant)
10.12884

Fortinet FortiGate
Riskware/OpenInstall
2/15/2016

F-Prot
W32/S-ca8455f6
v6.4.7.1.166

K7 AntiVirus
Adware
13.212.18452

McAfee
Artemis!939158CA4778
5600.6488

MicroWorld eScan
Win32/OpenInstall
17.0.0.138

NANO AntiVirus
Riskware.Win32.Downware.cwgqfu
1.0.14.5380

Norman
XPack.CX
11.20160215

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F]
23.00.65.16213

Sophos
Open Install (PUA)
4.98

SUPERAntiSpyware
PUP.OpenInstall/Variant
9322

Trend Micro House Call
TROJ_GEN.F47V0126
7.2.46

Vba32 AntiVirus
Backdoor.Swrort.aur
3.12.20.2

VIPRE Antivirus
Trojan.Win32.Generic
21402

XVirus List
Win32.Detected
2.5.3

Zillya! Antivirus
Adware.AlteredSoftware.Win32.67
2.0.0.2616

File size:
360.2 KB (368,864 bytes)

Product version:
1,18,0,2949

Copyright:
Copyright © 2012

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winzip170.exe

Digital Signature
Signed by:
WinZip Computing

Authority:
VeriSign, Inc.

Valid from:
3/16/2012 7:00:00 AM

Valid to:
4/14/2014 6:59:59 AM

Subject:
CN=WinZip Computing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WinZip Computing, L=Mansfield, S=Connecticut, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E4842AC9691630B45F8266C0ADB1206

File PE Metadata
Compilation timestamp:
10/19/2012 10:34:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:h3ctoLU3AfFKMxnG8PJf2BQV504y8KLBy2wtsWftySDNqsGTUbrm:h8QKknGcAk0/8KrXYtySDhGUbrm

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 18, 04, 00, 00, 53, 56, 57, BE, A4, 30, 40, 00, 8D, BD, E8, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F6, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E8, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, F0, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, F2, FD, FF, FF, F3, AB, 66, AB, 8D, 85, F0, FD, FF, FF, 50, 8D, 85, E8, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, E8, 0F, 01, 00, 00, 84, C0, 59, 59, 74, 15, 8D, 75, F8, 8D, BD, F0, FD, FF, FF...
 
[+]

Entropy:
7.7400

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to oi.cloud.avg.com  (204.193.144.33:80)

TCP (HTTP):
Connects to inst.avg.com  (204.193.144.89:80)

Remove WinZip170.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.