xzipinst.exe

CHummer

Maxiget Limited

This is a bundle installer that packages applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application xzipinst.exe, “Description is empty” by Maxiget Limited, has been detected as adware by 36 anti-malware scanners. The program is a setup application that uses the New IT Desktop Setup installer.
Publisher:
Elit -e - Company  (signed by Maxiget Limited)

Product:
CHummer

Description:
Description is empty

Version:
3, 5, 13, 0

MD5:
106e6a844903f73890b6d164998a105d

SHA-1:
54376e793b3f2239a190f53bb1caef783f0abe83

SHA-256:
ea74709580916225b2fcb837ce4e7baa1aff0db11b2720a8200edee78023aadf

Scanner detections:
36 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/25/2024 3:22:48 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Generic.1034981 | 354 |
| AegisLab AV Signature | Troj.Dropper.W32.Agent | 2.1.4+ |
| Agnitum Outpost | PUA.4Shared | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downloader | 2014.09.29 |
| Avira AntiVirus | APPL/Downloader.Gen | 7.11.172.30 |
| avast! | Win32:FourShared-AL [PUP] | 2014.9-160215 |
| AVG | Generic | 2017.0.2832 |
| Baidu Antivirus | PUA.Win32.4Shared | 4.0.3.16215 |
| Bitdefender | Trojan.Generic.11669913 | 1.0.20.230 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.4shared-26 | 0.98/20565 |
| Comodo Security | Application.Win32.4Shared.XEF | 19518 |
| Dr.Web | Adware.Downware.11006, Adware.Downware.9959 | 9.0.1.046 |
| Emsisoft Anti-Malware | Application.Generic.1034981 | 8.16.02.15.06 |
| ESET NOD32 | Win32/4Shared.AD potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/A-5663f742 | v6.4.7.1.166 |
| F-Secure | Riskware.Application.Generic.1034981 | 11.2016-15-02_2 |
| G Data | Win32.Application.4shared | 16.2.24 |
| IKARUS anti.virus | PUA.4Shared | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13358 |
| Kaspersky | not-a-virus:Downloader.Win32.AdLoad | 14.0.0.656 |
| Malwarebytes | PUP.Optional.Elite | v2016.02.15.06 |
| McAfee | Program.4shared | 5600.6488 |
| MicroWorld eScan | Trojan.Generic.11669913 | 17.0.0.138 |
| NANO AntiVirus | Riskware.Win32.Downware.decuce | 0.28.2.61942 |
| Norman | Application.Generic.1034981 | 11.20160215 |
| nProtect | Trojan.Generic.11669913 | 14.09.26.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.15.06 |
| Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.New IT Limited.Maxiget.Bundler (M) | 16.2.15.18 |
| Sophos | PUA '4Share Downloader' | 5.15 |
| SUPERAntiSpyware | Adware.4Shared/Variant | 9321 |
| Total Defense | Win32/Tnega.dWJHIMB | 37.1.62.1 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 33120 |
| Zillya! Antivirus | Downloader.Adload.Win32.17712 | 2.0.0.1935 |

File size:
39.8 KB (40,800 bytes)

Product version:
3, 5, 13, 0

Copyright:
2014

Trademarks:
No

Original file name:
DHelper

File type:
Executable application (Win32 EXE)

Bundler/Installer:
New IT Desktop Setup

Common path:
C:\users\{user}\downloads\xzipinst.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 3:41:06 AM

Valid to:
8/15/2016 1:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
9/5/2014 10:53:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:pOwfivq/RsoZNUYbmSChHUborYp9vZ12CTCIG2q3YO:93mhhfYp9x12CTCqq3P

Entry address:
0x3210

Entry point:
55, 8B, EC, 83, E4, F8, 83, EC, 0C, 53, 56, 57, 8D, 44, 24, 10, 50, C7, 44, 24, 14, 08, 00, 00, 00, C7, 44, 24, 18, 20, 00, 00, 00, FF, 15, 00, 40, 40, 00, 68, 28, 0A, 00, 00, 68, A0, 1F, B9, 00, 6A, 00, FF, 15, 94, 40, 40, 00, 6A, 00, 68, 80, 00, 00, 00, 6A, 03, 6A, 00, 6A, 01, 68, 00, 00, 00, 80, 68, A0, 1F, B9, 00, FF, 15, 8C, 40, 40, 00, 8B, F8, 83, FF, FF, 0F, 84, 30, 01, 00, 00, E8, BA, E3, FF, FF, 57, 8B, 3D, 90, 40, 40, 00, 8A, D8, FF, D7, 84, DB, 0F, 84, 18, 01, 00, 00, 66, 83, 3D, C8, A0, 40, 00...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
9 KB (9,216 bytes)
