home

zipopenersetup.exe

JumpyApps

The file is a bundle distribution and utilizes the installCore download manager to distribute this potentially unwanted software. The application zipopenersetup.exe by JumpyApps has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. It is also typically executed from the user's temporary directory.
Publisher:
JumpyApps  (signed and verified)

MD5:
61dea04f54af0b46ef81cc9c984afec9

SHA-1:
0b097b3a59f45dfa3ee51d7899e3445f053bb713

SHA-256:
84bb915b8bc1d3dff4fb07f9f9379e513b1e9c487d52a5912a511a7bf5b1c47c

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/23/2024 11:53:29 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
Adware/InstallCore.IU
7.11.127.60

AVG
Adware InstallCore
2016.0.3157

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Trojan.Agent-820284
0.98/20249

Comodo Security
Application.Win32.InstallCore.UIJG
17678

Dr.Web
Trojan.Packed.29496
9.0.1.086

ESET NOD32
Win32/InstallCore.IU potentially unwanted application
7.0.302.0

F-Prot
W32/A-162cf872
v6.4.7.1.166

G Data
Win32.Application.InstallCore
15.3.24

herdProtect (fuzzy)
variant of zipopenersetup-2.exe (Adware)
2015.7.2.14

K7 AntiVirus
Unwanted-Program
13.204.15960

McAfee
Artemis!B13D99CA82F2
5600.6813

NANO AntiVirus
Trojan.Win32.DP.cybjlo
0.30.24.1357

Panda Antivirus
Trj/Genetic.gen
15.03.27.07

Qihoo 360 Security
HEUR/Malware.QVM20.Gen
1.0.0.1015

Reason Heuristics
PUP.Bundler.ironSource
15.3.27.19

Rising Antivirus
PE:Malware.XPACK-LNR/Heur!1.5594
23.00.65.15325

Sophos
PUA 'Install Core Click run software'
5.14

Trend Micro House Call
TROJ_GEN.F47V0122
7.2.86

Vba32 AntiVirus
Downware.InstallCore
3.12.24.3

VIPRE Antivirus
Threat.4786018
39676

Zillya! Antivirus
Trojan.Kryptik.Win32.629944
2.0.0.2037

File size:
670.2 KB (686,264 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\zipopenersetup.exe

Digital Signature
Signed by:
JumpyApps

Authority:
COMODO CA Limited

Valid from:
2/17/2013 4:00:00 PM

Valid to:
2/18/2014 3:59:59 PM

Subject:
CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:QS3ySJzvtOHgKCXMyTtTQHVAf4GKtI7lOvr/yDVuPgvuzmfVAhy++DpW:BySJzEAK49C1HGKYOvr/yIgvAmtAhyB1

Entry address:
0xBAB4

Entry point:
55, 8B, EC, 83, C4, F4, B8, 54, BA, 40, 00, E8, 70, 96, FF, FF, 68, E0, BA, 40, 00, E8, 72, 97, FF, FF, 68, E0, BA, 40, 00, 6A, 00, E8, 3E, 97, FF, FF, E8, 8D, 75, FF, FF, 00, 64, 73, 61, 64, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.8103

Developed / compiled with:
Microsoft Visual C++

Code size:
43 KB (44,032 bytes)

Remove zipopenersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.