home

winzip170.exe

WinZip 17

WinZip Computing

This is the installation and setup package for WinZip, a file compression/decompression utilitiy that has a GUI to zip interface. The installer might bundle additional software offers during setup including the AVG browser toolbar. The application winzip170.exe by WinZip Computing has been detected as a potentially unwanted program by 20 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from aka-files.inst.avg.com. While running, it connects to the Internet address inst.avg.com on port 80 using the HTTP protocol.
Publisher:
WinZip Computing  (signed and verified)

Product:
WinZip 17

Description:
WinZip 17 Setup

Version:
1,18,0,2949

MD5:
996d6ae37f554b4822f7dfd237772a24

SHA-1:
c0ca40287bc9abb73f5e1f6484898a57cec528f2

SHA-256:
1a0ae4d898d9c36f523f07cc777f1185e06e6e9eb7f341293dc476be76200dc9

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
The setup program might include offers for additional software during installation.

Analysis date:
4/25/2024 11:44:33 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.OpenInstall
7.1.1

AhnLab V3 Security
ASD.Prevention
2013.01.15

Avira AntiVirus
PUA/OpenInstall.Gen
8.3.1.6

Baidu Antivirus
Adware.Win32.OpenInstall
4.0.3.15823

Bkav FE
W32.Clod080.Trojan
1.3.0.4924

Dr.Web
Adware.Downware.1348
9.0.1.0235

Emsisoft Anti-Malware
Trojan.Win32.OpenInstall.AMN
8.15.08.23.08

ESET NOD32
Win32/OpenInstall (variant)
9.8081

Fortinet FortiGate
Riskware/OpenInstall
8/23/2015

herdProtect (fuzzy)
variant of oiassistwtd.exe (Adware)
2015.10.20.15

K7 AntiVirus
Unwanted-Program
13.175.11046

McAfee
Artemis!88CCA8B6BEAF
5600.6664

MicroWorld eScan
Win32/OpenInstall
16.0.0.705

NANO AntiVirus
Riskware.Win32.Downware.dszcbf
0.30.24.3079

Norman
XPack.CX
11.20150823

Sophos
Open Install
4.95

Trend Micro House Call
TROJ_GEN.F47V0126
7.2.235

Vba32 AntiVirus
Backdoor.Swrort.aur
3.12.20.2

VIPRE Antivirus
Trojan.Win32.Generic
21402

XVirus List
Win32.Detected
2.5.3

File size:
360.3 KB (368,904 bytes)

Product version:
1,18,0,2949

Copyright:
Copyright © 2012

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winzip170.exe

Digital Signature
Signed by:
WinZip Computing

Authority:
VeriSign, Inc.

Valid from:
3/16/2012 12:00:00 AM

Valid to:
4/14/2014 12:59:59 AM

Subject:
CN=WinZip Computing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WinZip Computing, L=Mansfield, S=Connecticut, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E4842AC9691630B45F8266C0ADB1206

File PE Metadata
Compilation timestamp:
10/19/2012 4:34:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:k3ctoLU3AfFKMxnG8PJf2BQV504y8KLBy2wtsWftySDNqsGTUbQp:k8QKknGcAk0/8KrXYtySDhGUbQp

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 18, 04, 00, 00, 53, 56, 57, BE, A4, 30, 40, 00, 8D, BD, E8, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F6, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E8, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, F0, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, F2, FD, FF, FF, F3, AB, 66, AB, 8D, 85, F0, FD, FF, FF, 50, 8D, 85, E8, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, E8, 0F, 01, 00, 00, 84, C0, 59, 59, 74, 15, 8D, 75, F8, 8D, BD, F0, FD, FF, FF...
 
[+]

Entropy:
7.7400

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file winzip170.exe has been seen being distributed by the following URL.

http://aka-files.inst.avg.com/dl/patched/2013/04/17/.../WinZip170.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to st.openinstall.com  (184.168.221.46:80)

TCP (HTTP):
Connects to oi.cloud.avg.com  (204.193.144.33:80)

TCP (HTTP):
Connects to inst.avg.com  (204.193.144.89:80)

Remove winzip170.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.