home

zipopenersetup.exe

JumpyApps

The file is a bundle distribution and utilizes the installCore download manager to distribute this potentially unwanted software. The application zipopenersetup.exe by JumpyApps has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the installCore installer. The setup program uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions.
Publisher:
JumpyApps  (signed and verified)

MD5:
0ac3041a2a56ada75e670504c8c089e1

SHA-1:
8b9d2181554bd9b6bfb2e75a3926899290c23920

SHA-256:
f582c37669c3b74b08aef7822fd6072b9ddbd2068c171ebf7aa82358cbe2a31a

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 11:34:56 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.DownloadManager
15.02.22

Avira AntiVirus
Adware/InstallCore.A.69
7.11.148.224

AVG
Adware InstallCore.JD
2014.0.4257

Baidu Antivirus
Adware.Win32.InstallCore
4.0.3.15222

Comodo Security
Application.Win32.Installcore.JJ
18248

Dr.Web
Trojan.Packed.24524
9.0.1.05190

ESET NOD32
Win32/InstallCore.JK potentially unwanted application
7.0.302.0

G Data
Win32.Application.InstallCore
15.2.24

K7 AntiVirus
Unwanted-Program
13.177.12041

McAfee
Artemis!415D497CB6AA
5600.6846

NANO AntiVirus
Trojan.Win32.Kryptik.cwezfs
0.28.0.59608

Panda Antivirus
Generic Suspicious
15.02.22.09

Reason Heuristics
PUP.Installer.ironSource
15.2.22.21

Sophos
PUA 'Install Core Click run software'
5.10

Trend Micro House Call
TROJ_GEN.F47V0212
7.2.53

Vba32 AntiVirus
Downware.InstallCore
3.12.26.0

VIPRE Antivirus
InstallCore
29056

File size:
646.1 KB (661,584 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore

Common path:
C:\users\{user}\downloads\zipopenersetup.exe

Digital Signature
Signed by:
JumpyApps

Authority:
COMODO CA Limited

Valid from:
2/17/2013 4:00:00 PM

Valid to:
2/18/2014 3:59:59 PM

Subject:
CN=JumpyApps, O=JumpyApps, STREET=63 Rothschild Blvd., L=Tel Aviv, S=NA, PostalCode=65785, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
6DB423F9C6473168CF486AAF112EDD5C

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:31Lz2KeyNW4PViT/9/7a63HTLM+PZQttnkCtapnrJE2mco/GYIv1cBfV:3132sPoljjo+GttnkJNrbmB0aBf

Entry address:
0x8440

Entry point:
55, 8B, EC, 83, C4, EC, 33, C0, 89, 45, F0, 89, 45, EC, B8, 08, 84, 40, 00, E8, 48, C8, FF, FF, 33, C0, 55, 68, BD, 84, 40, 00, 64, FF, 30, 64, 89, 20, E8, 51, A2, FF, FF, 85, C0, 7E, 33, 8D, 55, F0, B8, 09, 00, 00, 00, E8, A0, A2, FF, FF, 8B, 45, F0, 50, B8, 64, 00, 00, 00, E8, EA, A2, FF, FF, 8D, 55, EC, E8, 42, D5, FF, FF, 8B, 55, EC, 58, E8, 5D, B0, FF, FF, 75, 05, E8, B2, FE, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, 68, C4, 84, 40, 00, 8D, 45, EC, BA, 02, 00, 00, 00, E8, 78, AD, FF, FF, C3, E9, 0E, A8...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
29.5 KB (30,208 bytes)

Remove zipopenersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.