winzipersvc.exe

update service

Taiwan Shui Mu Chih Ching Technology Limited

The application winzipersvc.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 4 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “WinZiper service”. This file is typically installed with the program WinZipper by Taiwan Shui Mu Chih Ching Technology Limited. which is a potentially unwanted software program. While running, it connects to the Internet address 8.81.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Taiwan Shui Mu Chih Ching Technology Limited.  (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:
update service

Version:
1.4.8.7624

MD5:
f720502aaa03fab627a96e5eaadaa28d

SHA-1:
befc0099864aa52abb0a3b99793a5a1bf525401d

SHA-256:
36faa1cd612aefd5dd50aa3707de9b3d291ceaf697c1b1e59c03fab55fc01dfd

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/24/2024 4:14:45 PM UTC  (today)

Scan engine
Detection
Engine version

Boost by Reason
Optional.Service.TaiwanShuiMuChihChingTechnologyLimited.L
188861

herdProtect (fuzzy)
2013.12.23.11

Reason Heuristics
PUP.Service.TaiwanShuiMuChihChingTechnologyLimited.L
14.4.8.23

Vba32 AntiVirus
AdWare.D365
3.12.24.3

File size:
414.2 KB (424,104 bytes)

Product version:
1.4.8.7624

Copyright:
Copyright (C) 2012

Original file name:
updateSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winzipper\winzipersvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/13/2013 9:15:13 AM

Valid to:
3/14/2014 9:15:13 AM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=新北, S=台湾, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121243D90C81CD8FEC70E99813154FB6459

File PE Metadata
Compilation timestamp:
6/20/2013 8:22:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:zdiNC8U4CwMxxRUMRMzCgfF9nlSioLDMkg:1xxRU9CgfF9lOLDMkg

Entry address:
0x33038

Entry point:
E8, 16, A2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, 92, A2, 00, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, 4F, 41, 00, 00, 85, C0, 74, 0A, E8, 46, 41, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 37, DE, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 51, 51, A1, C0, D6, 45, 00, 33, C5, 89, 45, FC, 53, 56, 8B, F1, 33...
 
[+]

Code size:
307 KB (314,368 bytes)

Service
Display name:
WinZiper service

Service name:
winzipersvc

Description:
WinZipper service

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file winzipersvc.exe has been discovered within the following programs.

WinZipper  by Taiwan Shui Mu Chih Ching Technology Limited.
The free and trial versions bundle various potentually unwanted toolbars and web browser extensions including the AVG Toolbar which modifies the browser's search and home page settings..
www.winzipper.com
75% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 8.81.6132.ip4.static.sl-reverse.com  (50.97.129.8:80)

Remove winzipersvc.exe - Powered by Reason Core Security