home

xzipinst.exe

SuperCharging

Maxiget Limited

This is a bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application xzipinst.exe by Maxiget Limited has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer.
Publisher:
SPC LLC  (signed by Maxiget Limited)

Product:
SuperCharging

Description:
DWD

Version:
3, 3, 29, 0

MD5:
b26cf9d2a6aa186ff91d5754aed01dc9

SHA-1:
4455ca6ad25083f861a76def9e412910f64fe632

SHA-256:
9bc7e60377e1692c1717116f503ba312c99397450ad17f90bb37fa7358fda74d

Scanner detections:
14 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/25/2024 7:53:57 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.4Shared
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.165.70

AVG
Generic
2015.0.3426

Dr.Web
Adware.Downware.1751, Adware.Downware.5151
9.0.1.0182

ESET NOD32
Win32/4Shared.U potentially unwanted application
8.7.0.302.0

G Data
Win32.Application.4shared
14.9.24

herdProtect (fuzzy)
variant of xzipinst(1).exe (Adware)
2014.9.1.23

IKARUS anti.virus
PUA.4Shared
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.182.12959

Malwarebytes
PUP.Optional.4Shared
v2014.09.01.07

McAfee
Obfosha
5600.7020

Reason Heuristics
PUP.MaxigetLimited.I
14.8.7.21

Sophos
4Share Downloader
4.98

VIPRE Antivirus
Threat.4150696
31208

File size:
385.9 KB (395,112 bytes)

Product version:
3, 3, 29, 0

Copyright:
2013

Trademarks:
-

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\xzipinst.exe

Digital Signature
Signed by:
Maxiget Limited

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 9:41:06 AM

Valid to:
8/15/2016 7:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
6/12/2014 1:45:08 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:J9nenRDSG/R7KhG5KkSN54EnuhAKhSk82Ag5VDw8EaJmTBbGkzOlZ:7negG/xIVb4quhA5kN5VDV1UTkkzwZ

Entry address:
0x2A2FC

Entry point:
E8, FB, A3, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, 58, DD, 44, 00, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, A4, F5, 44, 00, 75, 38, 53, 53, 33, FF, 47, 57, 68, 74, 2D, 44, 00, 68, 00, 01, 00, 00, 53, FF, 15, 58, 01, 44, 00, 85, C0, 74, 08, 89, 3D, A4, F5, 44, 00, EB, 15, FF, 15, C4, 00, 44, 00, 83, F8, 78, 75, 0A, C7, 05, A4, F5, 44, 00, 02, 00, 00, 00, 39, 5D, 14, 7E, 22, 8B, 4D, 14, 8B, 45, 10, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, 45, 14, 2B, C1...
 
[+]

Code size:
248.5 KB (254,464 bytes)

Remove xzipinst.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.