Windows Analysis Report
WinZip Smart Monitor Service.exe

Overview

General Information

Sample name: WinZip Smart Monitor Service.exe
Analysis ID: 1546675
MD5: ecd432986963e97a86a806aa604e8f88
SHA1: 96c4521574a7bf110166d661904fa0cedbfec5f0
SHA256: ee0a88f7b0f818c49f0360aec035baa81eed8b2769e9d9fc9959b3c1e974a161

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

Program does not show much activity (idle)

Classification

Source: WinZip Smart Monitor Service.exe Static PE information: certificate valid
Source: WinZip Smart Monitor Service.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: D:\Projects\Pulse_git\bin\x64\Release\WinZip Smart Monitor Service.pdb source: WinZip Smart Monitor Service.exe
Source: WinZip Smart Monitor Service.exe String found in binary or memory: https://updaterv.winzip.com/api/updateWZSNUpdates
Source: classification engine Classification label: clean0.winEXE@1/0@0/0
Source: WinZip Smart Monitor Service.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: WinZip Smart Monitor Service.exe String found in binary or memory: /INSTALLPATH%s=%s-run"
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe File read: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Section loaded: gpapi.dll
Source: WinZip Smart Monitor Service.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: WinZip Smart Monitor Service.exe Static file information: File size 1489392 > 1048576
Source: WinZip Smart Monitor Service.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: WinZip Smart Monitor Service.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: WinZip Smart Monitor Service.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: WinZip Smart Monitor Service.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: WinZip Smart Monitor Service.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: WinZip Smart Monitor Service.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: WinZip Smart Monitor Service.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: WinZip Smart Monitor Service.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: WinZip Smart Monitor Service.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: WinZip Smart Monitor Service.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: WinZip Smart Monitor Service.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\WinZip Smart Monitor Service.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
No contacted IP infos