wzduis19.exe

WinZip Computing

The application wzduis19.exe by WinZip Computing has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from download.winzipsystemtools.com. While running, it connects to the Internet address inst.avg.com on port 80 using the HTTP protocol.
Publisher:
WinZip Computing (signed and verified)

MD5:
585887050dad519911f956dab5cd3514

SHA-1:
58b296c9f363f240a5cd7135cd25e5a63fba76c5

SHA-256:
8ebd345934d2565edefb9c0ffd8e9d17fa4795e0b0a0884fb889d3f2049d1f9f

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 11:24:30 AM UTC

Scan engine        Detection                             Engine version
AVG                MalSign.InstallC                      2015.0.3508
Comodo Security    Application.Win32.InstallCore.BWAN    18080
ESET NOD32         Win32/InstallCore.BC (variant)        8.9660
McAfee             Artemis!585887050DAD                  5600.7164
VIPRE Antivirus    Trojan.Win32.Generic                  28194

File size:
679.4 KB (695,696 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\wzduis19.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
2/15/2014 4:00:00 AM

Valid to:
5/17/2016 3:59:59 AM

Subject:
CN=WinZip Computing, OU=IT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WinZip Computing, L=Mansfield, S=Connecticut, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4A0099B9A58D592947DF50CC37517426

File PE Metadata
Compilation timestamp:
6/20/1992 2:22:17 AM (note: this is the fixed placeholder timestamp written by Borland/Delphi linkers, which Inno Setup is built with, not the actual build time of this file)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Y5QFaEPl5vxg7StV5H+I6Tny4cZrRHzPlQaBZiQvxVtbrEIjpe:WQFpPlISb5HJCdcZtTlBiQBfjU

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file wzduis19.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to oi.cloud.avg.com (204.193.144.33:80)

TCP (HTTP):
Connects to inst.avg.com (204.193.144.89:80)

Remove wzduis19.exe - Powered by Reason Core Security