home

winzip180.exe

WinZip 18

WinZip Computing

This is the installation and setup package for WinZip, a file compression/decompression utilitiy that has a GUI to zip interface. The installer might bundle additional software offers during setup including the AVG browser toolbar. The application winzip180.exe by WinZip Computing has been detected as a potentially unwanted program by 9 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. While running, it connects to the Internet address inst.avg.com on port 80 using the HTTP protocol.
Publisher:
WinZip Computing  (signed and verified)

Product:
WinZip 18

Description:
WinZip 18 Setup

Version:
1,19,0,3503

MD5:
cc2756c88d394eb7a71471138a6c9507

SHA-1:
9f32b965ddf23db50e61a3b0de2445b1cf6cfa07

SHA-256:
cdd45a083cf78fa8a236d22becf09488c6092f3e4578b5aeef22418c5266c9bb

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
The setup program might include offers for additional software during installation.

Analysis date:
4/23/2024 4:52:57 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.OpenInstall
7.1.1

Dr.Web
Adware.Downware.1923
9.0.1.0295

Emsisoft Anti-Malware
Gen:Variant.Adware.Dropper.101
8.14.10.22.04

ESET NOD32
Win32/OpenInstall (variant)
8.9521

Fortinet FortiGate
Riskware/OpenInstall
10/22/2014

K7 AntiVirus
Unwanted-Program
13.176.11524

McAfee
Artemis!CC2756C88D39
5600.6970

Sophos
Open Install
4.98

Trend Micro House Call
TROJ_GEN.F47V0205
7.2.295

File size:
410.9 KB (420,776 bytes)

Product version:
1,19,0,3503

Copyright:
Copyright © 2013

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\winzip180.exe

Digital Signature
Signed by:
WinZip Computing

Authority:
VeriSign, Inc.

Valid from:
3/16/2012 1:00:00 AM

Valid to:
4/14/2014 1:59:59 AM

Subject:
CN=WinZip Computing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WinZip Computing, L=Mansfield, S=Connecticut, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E4842AC9691630B45F8266C0ADB1206

File PE Metadata
Compilation timestamp:
9/11/2013 3:01:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:bPEVT/DlxGmVQhlzYBH1PBrj+qCkeHX0h1Db5lugnuz3aJkx5De4:b+DfPVQhlzi5leMD7ul3CkxRe4

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 1C, 04, 00, 00, 53, 56, 57, BE, CC, 30, 40, 00, 8D, BD, E4, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F2, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E4, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, EC, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, EE, FD, FF, FF, F3, AB, 66, AB, 8D, 45, FE, 50, 8D, 85, EC, FD, FF, FF, 50, 8D, 85, E4, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, C6, 45, FE, 00, E8, 45, 01, 00, 00, 83, C4, 0C, 84, C0, 74, 15...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to st.openinstall.com  (184.168.221.46:80)

TCP (HTTP):
Connects to oi.cloud.avg.com  (204.193.144.33:80)

TCP (HTTP):
Connects to inst.avg.com  (204.193.144.89:80)

Remove winzip180.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.