home

xzipinst.exe

CHummer

Maxiget Limited

This is part of a bundled installer which provides applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application xzipinst.exe, “Description is empty” by Maxiget Limited has been detected as adware by 29 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Elit -e - Company  (signed by Maxiget Limited)

Product:
CHummer

Description:
Description is empty

Version:
3, 5, 13, 0

MD5:
8871f077d6c09eca7e33302498edb7cc

SHA-1:
969fa56ddb9f21361db594a960835dc9ec281fd4

SHA-256:
653dfaf570825bc0d77c671323f09f14d7637bf45d79d75dd438112e0ea1ffdf

Scanner detections:
29 / 68

Status:
Adware

Explanation:
This is a modified installer version of the software and bundles additional offers including adware.

Analysis date:
4/16/2024 5:50:24 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.Jaiks.244
833

Agnitum Outpost
PUA.4Shared
7.1.1

AhnLab V3 Security
PUP/Win32.Downloader
2014.09.29

Avira AntiVirus
APPL/4Shared.X.85
7.11.168.242

AVG
Generic
2015.0.3311

Baidu Antivirus
PUA.Win32.4Shared
4.0.3.141025

Bitdefender
Gen:Variant.Application.Bundler.Jaiks.244
1.0.20.1490

Clam AntiVirus
Win.Trojan.4shared-26
0.98/19437

Comodo Security
Application.Win32.4Shared.XEF
19292

Dr.Web
Adware.Downware.1751
9.0.1.0298

Emsisoft Anti-Malware
Gen:Variant.Strictor.65095
8.14.10.25.09

ESET NOD32
probably Win32/4Shared.X potentially unwanted application
8.7.0.302.0

F-Prot
W32/A-5663f742
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Bundler
11.2014-25-10_7

G Data
Win32.Application.4shared
14.10.24

IKARUS anti.virus
PUA.4Shared
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13166

Kaspersky
not-a-virus:Downloader.Win32.AdLoad
14.0.0.3048

Malwarebytes
PUP.Optional.Elite
v2014.10.25.09

McAfee
4shared
5600.6967

MicroWorld eScan
Gen:Variant.Application.Bundler.Jaiks.244
15.0.0.894

NANO AntiVirus
Riskware.Win32.Downware.decuce
0.28.2.61721

Panda Antivirus
Trj/Genetic.gen
14.10.25.09

Reason Heuristics
PUP.MaxigetLimited.I
14.10.25.9

Sophos
PUA.4Share Downloader
55

SUPERAntiSpyware
PUP.4Shared/Variant
10278

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.4150696
32210

Zillya! Antivirus
Backdoor.PePatch.Win32.43863
2.0.0.1927

File size:
39.8 KB (40,744 bytes)

Product version:
3, 5, 13, 0

Copyright:
2014

Trademarks:
No

Original file name:
DHelper

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\xzipinst.exe

Digital Signature
Signed by:
Maxiget Limited

Authority:
GoDaddy.com, Inc.

Valid from:
6/3/2014 1:41:06 PM

Valid to:
8/15/2016 11:41:32 AM

Subject:
CN=Maxiget Limited, O=Maxiget Limited, L=Limassol, S=Cyprus, C=CY

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
043F9C868704FA

File PE Metadata
Compilation timestamp:
9/5/2014 8:53:24 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:xOwfivq/RsoZNUYbmSChHUborYp9vZ12CTCIG2qb:V3mhhfYp9x12CTCqqb

Entry address:
0x3210

Entry point:
55, 8B, EC, 83, E4, F8, 83, EC, 0C, 53, 56, 57, 8D, 44, 24, 10, 50, C7, 44, 24, 14, 08, 00, 00, 00, C7, 44, 24, 18, 20, 00, 00, 00, FF, 15, 00, 40, 40, 00, 68, 28, 0A, 00, 00, 68, A0, 1F, B9, 00, 6A, 00, FF, 15, 94, 40, 40, 00, 6A, 00, 68, 80, 00, 00, 00, 6A, 03, 6A, 00, 6A, 01, 68, 00, 00, 00, 80, 68, A0, 1F, B9, 00, FF, 15, 8C, 40, 40, 00, 8B, F8, 83, FF, FF, 0F, 84, 30, 01, 00, 00, E8, BA, E3, FF, FF, 57, 8B, 3D, 90, 40, 40, 00, 8A, D8, FF, D7, 84, DB, 0F, 84, 18, 01, 00, 00, 66, 83, 3D, C8, A0, 40, 00...
 
[+]

Entropy:
5.5142

Developed / compiled with:
Microsoft Visual C++

Code size:
9 KB (9,216 bytes)

Remove xzipinst.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.