home

winzip180.exe

WinZip 18

WinZip Computing

This is the installation and setup package for WinZip, a file compression/decompression utilitiy that has a GUI to zip interface. The installer might bundle additional software offers during setup including the AVG browser toolbar. This is a self-extracting archive and installer. The file has been seen being downloaded from inst.winzip.com.
Publisher:
WinZip Computing  (signed and verified)

Product:
WinZip 18

Description:
WinZip 18 Setup

Version:
1,19,0,3503

MD5:
8616f36340e686769bd863b3818b43ec

SHA-1:
baa0b89d82e43a1cf71b3f5185bfe2602279a660

Scanner detections:
9 / 68

Status:
Clean  (9 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/18/2024 3:15:47 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.OpenInstall
7.1.1

Dr.Web
Adware.Downware.1923
9.0.1.026

Emsisoft Anti-Malware
Trojan.Generic.10143455
8.16.01.26.05

ESET NOD32
Win32/OpenInstall (variant)
10.9367

Fortinet FortiGate
Riskware/EmployeeActMon
1/26/2016

K7 AntiVirus
Unwanted-Program
13.176.11496

McAfee
Artemis!AD7A90655937
5600.6508

Sophos
Open Install
4.97

Trend Micro House Call
TROJ_GEN.F47V0118
7.2.26

File size:
410.9 KB (420,800 bytes)

Product version:
1,19,0,3503

Copyright:
Copyright © 2013

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Signed by:
WinZip Computing

Authority:
VeriSign, Inc.

Valid from:
3/16/2012 1:00:00 AM

Valid to:
4/14/2014 1:59:59 AM

Subject:
CN=WinZip Computing, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WinZip Computing, L=Mansfield, S=Connecticut, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E4842AC9691630B45F8266C0ADB1206

File PE Metadata
Compilation timestamp:
9/11/2013 3:01:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:jPEVT/DlxGmVQhlzYBH1PBrj+qCkeHX0h1Db5lugnuz3aJkx5Dm:j+DfPVQhlzi5leMD7ul3CkxRm

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 1C, 04, 00, 00, 53, 56, 57, BE, CC, 30, 40, 00, 8D, BD, E4, FB, FF, FF, A5, A5, A5, 6A, 7E, 66, A5, 59, 33, C0, 8D, BD, F2, FB, FF, FF, F3, AB, 66, AB, BB, 04, 01, 00, 00, 53, 8D, 85, E4, FB, FF, FF, 50, FF, 15, 5C, 30, 40, 00, 66, 83, A5, EC, FD, FF, FF, 00, 33, C0, B9, 81, 00, 00, 00, 8D, BD, EE, FD, FF, FF, F3, AB, 66, AB, 8D, 45, FE, 50, 8D, 85, EC, FD, FF, FF, 50, 8D, 85, E4, FB, FF, FF, 50, C7, 45, F8, FD, FF, FF, FF, C6, 45, FE, 00, E8, 45, 01, 00, 00, 83, C4, 0C, 84, C0, 74, 15...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
7.5 KB (7,680 bytes)

The file winzip180.exe has been seen being distributed by the following URL.

http://inst.winzip.com/.../dl.php?&sid=home_xp&pid=11400068&hash=ad557ac4f12339a60b992f2e650d0e3e0c979ed4

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to oi.cloud.avg.com  (204.193.144.33:80)

TCP (HTTP):
Connects to inst.avg.com  (204.193.144.89:80)

Scan winzip180.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.