» winzipersvc.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

winzipersvc.exe

OIVU Viewer

Taiwan Shui Mu Chih Ching Technology Limited

The application winzipersvc.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “WinZiper service”. This file is typically installed with the program WinZipper by Taiwan Shui Mu Chih Ching Technology Limited. which is a potentially unwanted software program.

File name:

winzipersvc.exe

Publisher:

Tai Wai Shui Mu (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:

OIVU Viewer

Description:

wzp service

Version:

2.1.77.377

MD5:

339d68e8f09c4471019055156b3e3650

SHA-1:

c08f0bdd587eacb27adf9245fe9b2ba0d03e7792

SHA-256:

3354a4b11176310e8dfa36a517b26f82ad8139c0e9e61cd96d34182617a40da5

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/27/2024 1:18:35 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Thinknice (M)

17.2.11.10

File size:

714.7 KB (731,824 bytes)

Product version:

2.1.77.377

Original file name:

OIVU.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\winzipper\winzipersvc.exe

Digital Signature

Signed by:

Taiwan Shui Mu Chih Ching Technology Limited

Authority:

GlobalSign nv-sa

Valid from:

3/6/2015 3:19:12 AM

Valid to:

3/4/2016 6:26:37 AM

Subject:

CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=Taipei City, S=Taiwan, C=TW

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112127474DE010DA49D31D0EE8193EAC2D0E

File PE Metadata

Compilation timestamp:

1/15/2016 4:23:18 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

Entry address:

0x52FAC

Entry point:

E8, D7, DC, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 3E, 47, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, BA, 55, 00, 00, 59, 8B, F8, 56, 53, E8, A0, 03, 00, 00, 8B, D8, 59, 59, 85, DB, 74, 15, 3B, FE, 73, 11, 2B, F7, 56, 8D, 04, 1F, 6A, 00, 50, E8, 4B, D6, FF, FF, 83, C4, 0C, 8B, C3, 5B, 5F, 5E, 5D, C3, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50... 
[+]

Code size:

447.5 KB (458,240 bytes)

Service

Display name:

WinZiper service

Service name:

winzipersvc

Description:

WinZipper service

Type:

Win32OwnProcess

Group:

SchedulerGroup

The file winzipersvc.exe has been discovered within the following program.

WinZipper by Taiwan Shui Mu Chih Ching Technology Limited.

The free and trial versions bundle various potentually unwanted toolbars and web browser extensions including the AVG Toolbar which modifies the browser's search and home page settings..

www.winzipper.com

75% remove it

Remove winzipersvc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.