HanZip.exe

HanZip

DreamWiz Internet Co.,Ltd

The application HanZip.exe by DreamWiz Internet Co.,Ltd has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners, on a heuristic rule (PUP.DreamWiz) rather than a signature match; a single heuristic hit is a weak indicator on its own, so weigh it together with the publisher, signature and observed behaviour below. The thawte code-signing certificate listed below expired on 1/3/2017, well before the 2024 analysis date, so the Authenticode signature only still chains if the file carried a trusted timestamp countersignature at signing time. While running, it connects to the Internet address cache.google.com on port 80 using the HTTP protocol.
Publisher:
DreamWiz Internet (signed by DreamWiz Internet Co.,Ltd)

Product:
HanZip

Version:
2.0.0.54

MD5:
324567600eb43ea30f9eb9c3cc59a027

SHA-1:
a30b6dad057f09c5344b084469b97cbd3e5b86d4

SHA-256:
9094b9a7918595c378b10b63de9d883c329d26156e13113f804e2539842576ee

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 11:39:39 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.DreamWiz (M)

Engine version:
16.4.28.18

File size:
5.3 MB (5,568,776 bytes)

Product version:
2.0.0.0

Copyright:
Copyright(C) 2012 by DreamWiz Internet all right reserved

Original file name:
HanZip.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\hantools\hanzip\hanzip.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/4/2015 9:00:00 AM

Valid to:
1/3/2017 8:59:59 AM

Subject:
CN="DreamWiz Internet Co.,Ltd", OU=IT Team, O="DreamWiz Internet Co.,Ltd", L=Guro-gu, S=SEOUL, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2C28441B5E4D45C0B4A25EBFE0B40940

File PE Metadata
Compilation timestamp:
1/14/2016 4:22:36 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:fJGR2If8zkcauj8a/WOOfy7tKUrJDrZp4qLR:fsrkawcOOfAD3L

Entry address:
0x3C1BC0

Entry point:
55, 8B, EC, B9, 04, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, B8, 14, 06, 7B, 00, E8, C4, A2, C4, FF, 33, C0, 55, 68, DE, 1D, 7C, 00, 64, FF, 30, 64, 89, 20, A1, 90, F0, 7F, 00, 8B, 00, E8, D6, 39, DA, FF, A1, 90, F0, 7F, 00, 8B, 00, BA, F8, 1D, 7C, 00, E8, FD, 33, DA, FF, B2, 01, A1, 90, 40, 44, 00, E8, C9, 09, C9, FF, A3, 7C, 75, 9F, 00, 33, C0, 55, 68, F8, 1C, 7C, 00, 64, FF, 30, 64, 89, 20, B8, 0C, 1E, 7C, 00, E8, 5C, D2, DC, FF, E8, AF, 2D, C4, FF, 8B, D8, 85, DB, 7E, 2B, BE, 01, 00, 00, 00...

Entropy:
6.5598

Developed / compiled with:
Microsoft Visual C++ (scanner attribution; a linker version of 2.25 together with the entry-point prologue 55 8B EC B9 04 00 00 00 6A 00 6A 00 49 75 F9 is characteristic of Borland/Embarcadero Delphi builds rather than Visual C++, so treat this field as unreliable)

Code size:
3.8 MB (3,933,184 bytes)
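The identifiers and PE header fields above are what a triage script checks when matching a suspect file against this report. The following is an added example, not code from the report or from DreamWiz: it computes the three digests and size, compares them with the values listed above, pulls the same header fields (compilation timestamp, OS version, bitness, subsystem, linker version, entry RVA and the first entry-point bytes, code size, entropy) from a PE image using only the standard library, and builds a constructed minimal PE32 image so it runs offline. The sample image is not HanZip.exe; it only carries the header values and the first 16 entry-point bytes from the report, and its compile timestamp is assumed to be UTC.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Identifiers copied from the report above; the real sample is not embedded here.
REPORT = {
    "md5": "324567600eb43ea30f9eb9c3cc59a027",
    "sha1": "a30b6dad057f09c5344b084469b97cbd3e5b86d4",
    "sha256": "9094b9a7918595c378b10b63de9d883c329d26156e13113f804e2539842576ee",
    "size": 5568776,
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def hashes(data: bytes) -> dict:
    """The digests and size a triage report lists for a file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def matches_report(data: bytes, report: dict = REPORT) -> bool:
    """True only when every identifier agrees; a lone MD5 match is not enough."""
    h = hashes(data)
    return all(h[k] == report[k] for k in ("md5", "sha1", "sha256", "size"))


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0); packed or encrypted data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def rva_to_offset(sections, rva: int) -> int:
    """Map a relative virtual address to a file offset through the section table."""
    for vaddr, size, rawptr in sections:
        if vaddr <= rva < vaddr + size:
            return rva - vaddr + rawptr
    raise ValueError(f"RVA 0x{rva:X} is not backed by any section")


def parse_pe(data: bytes) -> dict:
    """Pull the fields shown under 'File PE Metadata' from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, link_major, link_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    if magic == 0x10B:
        bitness = "Win32"
    elif magic == 0x20B:
        bitness = "Win64"
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:X}")
    # These offsets are the same for PE32 and PE32+ (the layouts only differ around ImageBase).
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    # Section table follows the optional header; needed to find the entry-point bytes on disk.
    sections = []
    for i in range(nsections):
        _name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((vaddr, max(vsize, rawsize), rawptr))
    entry_off = rva_to_offset(sections, entry_rva)
    return {
        "machine": f"0x{machine:X}",
        "compiled": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": bitness,
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker": f"{link_major}.{link_minor}",
        "entry_rva": entry_rva,
        "entry_bytes": data[entry_off:entry_off + 16],
        "code_size": code_size,
        "entropy": round(entropy(data), 4),
    }


def build_sample() -> bytes:
    """Constructed minimal PE32 image (not HanZip.exe) carrying the header values from the report."""
    img = bytearray(0x1200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                     # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    stamp = int(datetime(2016, 1, 14, 16, 22, 36, tzinfo=timezone.utc).timestamp())  # assumed UTC
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, stamp, 0, 0, 0xE0, 0x0102)
    opt = 0x58
    struct.pack_into("<HBBI", img, opt, 0x10B, 2, 25, 3933184)  # PE32, linker 2.25, SizeOfCode
    struct.pack_into("<I", img, opt + 16, 0x3C1BC0)              # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, 0x400000)              # ImageBase
    struct.pack_into("<II", img, opt + 32, 0x1000, 0x200)        # section / file alignment
    struct.pack_into("<HH", img, opt + 40, 5, 0)                 # OS version 5.0
    struct.pack_into("<H", img, opt + 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    # One .text section: RVA 0x3C1000, raw data at file offset 0x200.
    struct.pack_into("<8sIIIIIIHHI", img, opt + 0xE0, b".text", 0x1000, 0x3C1000, 0x1000, 0x200,
                     0, 0, 0, 0, 0x60000020)
    entry = bytes.fromhex("558BECB9040000006A006A004975F951")  # first 16 entry bytes from the report
    off = 0x200 + (0x3C1BC0 - 0x3C1000)
    img[off:off + len(entry)] = entry
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample()
    print("matches report:", matches_report(sample))
    for k, v in parse_pe(sample).items():
        print(f"{k}: {v.hex(' ') if isinstance(v, bytes) else v}")
```

Run against a real file with `parse_pe(open(path, "rb").read())`; `matches_report` is deliberately strict because a report's MD5 alone is a weak identity for a 5 MB binary.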

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cache.google.com  (59.18.45.168:80)

TCP (HTTP):
Connects to nsp-s1-4-c.rt.bora.net  (203.233.37.186:80)

Remove HanZip.exe - Powered by Reason Core Security