WinzipMalwareProtector.exe

WinZip Malware Protector

WinZip Computing LLC

The application WinzipMalwareProtector.exe by WinZip Computing has been detected as a potentially unwanted program by 5 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program WinZip Malware Protector by WinZip Computing, S.L., which is a potentially unwanted software program. While running, it connects to the Internet address cdn-87-248-217-254.frf.llnw.net on port 80 using the HTTP protocol.
Publisher:
Nico Mak Computing  (signed by WinZip Computing LLC)

Product:
WinZip Malware Protector

Version:
2.1.1000.10798

MD5:
1be78da8af38128cc18280c2f7f9beff

SHA-1:
7560adb6881d658a46f52ad1dcdf667b615f6ede

SHA-256:
8cc45cd29cd3682f625e28debb805d38ba627d5880c3d3d286797e9b43321427

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 3:34:22 AM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.Clodc46.Trojan | 1.3.0.4613
Dr.Web | riskware program Program.Unwanted.386 | 9.0.1.05190
ESET NOD32 | MSIL/AdvancedSystemProtector.F potentially unwanted application | 8.0.319.0
McAfee | Artemis!1BE78DA8AF38 | 5600.7284
Trend Micro House Call | TROJ_GEN.F47V1004 | 7.2.346

File size:
6.1 MB (6,390,448 bytes)

Product version:
2.1.1000.10798

Copyright:
Copyright © 2013 Systweak Inc. All rights reserved.

Original file name:
WinzipMalwareProtector.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\winzip malware protector\winzipmalwareprotector.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/9/2013 6:49:58 PM

Valid to:
7/10/2015 6:49:58 PM

Subject:
E=help@winzip.com, CN=WinZip Computing LLC, O=WinZip Computing LLC, L=Storrs Mansfield, S=CT, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112144096D1CB7E1128D086CAB8DEEAB88F2

File PE Metadata
Compilation timestamp:
4/1/2013 8:25:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:NNPxNK8ulRNey3Dlzzmk53QnQgru4Rd7hvjRQYX8nrLxX:bPxNK8ulXxDlzzuQgrLX6rLxX

Entry address:
0x60FC1E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.0664

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.1 MB (6,348,288 bytes)

Scheduled Task
Task name:
WinZip Malware Protector_startup

Trigger:
Logon (Runs on logon)


The file WinzipMalwareProtector.exe has been discovered within the following program.

WinZip Malware Protector  by WinZip Computing, S.L.
Publisher's description - “Stop spyware in its tracks with WinZip Malware Protector, the software that safeguards your PC, files, passwords and personal information. WinZip Malware Protector detects and removes spyware, malware, worms and other malicious programs, automatically.”
www.winzip.com/prodpagemp.html
About 72% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 106-240-63-74.static.reverse.lstn.net  (74.63.240.106:80)

TCP (HTTP):
Connects to cdn-87-248-217-254.frf.llnw.net  (87.248.217.254:80)

TCP (HTTP):
Connects to cdn-87-248-217-253.frf.llnw.net  (87.248.217.253:80)

TCP (HTTP):
Connects to cdn-87-248-210-254.lon.llnw.net  (87.248.210.254:80)

TCP (HTTP):
Connects to cdn-87-248-195-254.lin.llnw.net  (87.248.195.254:80)
