ppzip_3974.exe

PP压缩安装程序 (PP Compression Installer)

Chongqing Mizhan Technology Co., Ltd

This is a setup program used to install the application. The file has been seen being downloaded from down.guanjia.xalive.cn and multiple other hosts.

Publisher:
ppzip Inc  (signed by Chongqing Mizhan Technology Co., Ltd)

Product:
PP压缩安装程序 (PP Compression Installer)

Version:
1.1.0.0

MD5:
762c274a64d8c53edd5d9307f63dccd8

SHA-1:
d2c2331384e59c69d0678382b79447627ee3dafc

SHA-256:
01002d5c7b0ef0b69bc31236eb7729e632a08314cc1f28a3629b11d5229bd035

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 11:32:05 AM UTC

File size:
2.7 MB (2,804,888 bytes)

Product version:
1.1

Copyright:
Copyright (C) 2016 ppzip Inc.

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ppzip_3974.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
3/18/2016 5:05:55 PM

Valid to:
3/18/2017 5:05:55 PM

Subject:
CN="Chongqing Mizhan Technology Co., Ltd", O="Chongqing Mizhan Technology Co., Ltd", L=Chongqing, S=Chongqing, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA G2, O=WoSign CA Limited, C=CN

Serial number:
29E4D311751EBF3905D6732B627C2802

File PE Metadata
Compilation timestamp:
4/16/2016 4:55:20 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:Td1eRmdmowleTHTx/yESrLbh9RjIXtKA/XRs0gfDczKbeDI/EVN3FD32JgF:hcQmoCmx/yEsLbDRjIXkA5ifaKb6I8fN

Entry address:
0x650B7

Entry point:
E8, 82, DD, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 83, C0, 02, 66, 85, C9, 75, F5, 2B, 45, 08, D1, F8, 48, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 4D, 0C, 0F, B7, 11, 56, 8B, 75, 08, 0F, B7, 06, 2B, C2, 57, 75, 15, 2B, F1, 66, 85, D2, 74, 0E, 83, C1, 02, 0F, B7, 11, 0F, B7, 04, 0E, 2B, C2, 74, ED, 5F, 5E, 85, C0, 79, 05, 83, C8, FF, 5D, C3, 7E, 03, 33, C0, 40, 5D, C3, B8, 83, 39, 47, 00, A3, A0, 35, 4C, 00, C7, 05, A4, 35, 4C, 00, 79, 30, 47, 00, C7, 05, A8, 35, 4C, 00, 2D, 30, 47...
 

Entropy:
7.7745  (probably packed)

Code size:
620.5 KB (635,392 bytes)

The file ppzip_3974.exe has been seen being distributed by the following 3 URLs.
