» WinzipMalwareProtector.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

WinzipMalwareProtector.exe

WinZip Malware Protector

WinZip Computing LLC

It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is installed with the program WinZip Malware Protector.

File name:

Publisher:

Nico Mak Computing (signed by WinZip Computing LLC)

Product:

WinZip Malware Protector

Version:

2.1.1000.15248

MD5:

0c3791aa02723c03df0fc96da56f23be

SHA-1:

7a4783768f3f5d772f92a2b0515858062d20b1a7

SHA-256:

96a3587f76a9a21fe2737c3a72ddf43ac8839e3b8f496f51cb70993765817194

Scanner detections:

4 / 68

Status:

Clean (4 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/26/2024 3:56:27 AM UTC (today)

Scan engine

Detection

Engine version

Bkav FE

W32.Clodc46.Trojan

1.3.0.4613

ESET NOD32

MSIL/AdvancedSystemProtector (variant)

10.9160

McAfee

Artemis!1BE78DA8AF38

5600.6496

Trend Micro House Call

TROJ_GEN.F47V1004

7.2.38

File size:

6.5 MB (6,789,320 bytes)

Product version:

2.1.1000.15248

Original file name:

WinzipMalwareProtector.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\winzip malware protector\winzipmalwareprotector.exe

Digital Signature

Signed by:

WinZip Computing LLC

Authority:

GlobalSign nv-sa

Valid from:

7/9/2013 6:49:58 PM

Valid to:

7/10/2015 6:49:58 PM

Subject:

E=help@winzip.com, CN=WinZip Computing LLC, O=WinZip Computing LLC, L=Storrs Mansfield, S=CT, C=US

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112144096D1CB7E1128D086CAB8DEEAB88F2

File PE Metadata

Compilation timestamp:

4/17/2015 9:40:27 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:h9HoJehzMMmj3eDQ/r14Rd7hvjRQLX8nrLx9:zo4hgM3Q/rRX6rLx9

Entry address:

0x6712DE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

6.4 MB (6,747,136 bytes)

Scheduled Task

Task name:

WinZip Malware Protector_startup

Trigger:

Logon (Runs on logon)

The file WinzipMalwareProtector.exe has been discovered within the following program.

WinZip Malware Protector by WinZip Computing, S.L.

Publisher's description - “Stop spyware in its tracks with WinZip Malware Protector, the software that safeguards your PC, files, passwords and personal information. WinZip Malware Protector detects and removes spyware, malware, worms and other malicious programs, automatically.”

www.winzip.com/prodpagemp.html

About 72% of users remove it

Scan WinzipMalwareProtector.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.