home

xzipinst.exe

SuperCharging

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application xzipinst.exe by Maxiget Limited has been detected as adware by 10 anti-malware scanners.
Publisher:
SPC LLC  (signed by Maxiget Limited)

Product:
SuperCharging

Description:
DWD

Version:
3, 3, 17, 0

MD5:
05da7bc60f5a2fbb74e4db4565b1741b

SHA-1:
0c72d7f6ab29508b939305786debc0db45fc2fc1

SHA-256:
3f8521f92d263fd3c6b626c5694a7f1cb98768ee818c8d29546a8c931127ea20

Scanner detections:
10 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
4/26/2024 8:12:27 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.4Shared
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.163.184

AVG
Generic
2015.0.3404

Dr.Web
Adware.Downware.6176
9.0.1.05190

ESET NOD32
Win32/4Shared.S potentially unwanted application
7.0.302.0

K7 AntiVirus
Unwanted-Program
13.181.12819

NANO AntiVirus
Trojan.Win32.MLW.dcebax
0.28.2.60990

Reason Heuristics
PUP.MaxigetLimited.I
14.8.7.21

Sophos
4Share Downloader
4.98

VIPRE Antivirus
Threat.4150696
31208

File size:
490.8 KB (502,528 bytes)

Product version:
3, 3, 17, 0

Copyright:
2013

Trademarks:
-

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\xzipinst.exe

Digital Signature
Signed by:
Maxiget Limited

Authority:
GoDaddy.com, Inc.

Valid from:
8/15/2013 10:41:32 AM

Valid to:
8/15/2016 10:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
045BA815265145

File PE Metadata
Compilation timestamp:
4/17/2014 8:26:51 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:x5SFRIrVisUqEFDyfijX1o/t7htpFqCjRQJTvbx:x5SFm5isULFDzjlo/1fGNpx

Entry address:
0x2FEA4

Entry point:
E8, 54, 98, 00, 00, E9, 78, FE, FF, FF, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04...
 
[+]

Entropy:
6.3813

Code size:
356 KB (364,544 bytes)

Remove xzipinst.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.