winzipper.exe

Yang Liu

The application winzipper.exe by Yang Liu has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Yang Liu  (signed and verified)

MD5:
19336fb7c150d1b06ecf712cba134438

SHA-1:
72d311334f4fa1317623e3aae1ffdee284fb2164

SHA-256:
82735ec87d2405d18dcd2cc0ec21b93b628486121015d789c24be60dbc24b8da

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:24:33 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex.Winzipper (M)
16.9.4.9

File size:
233 KB (238,583 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\crecult\winzipper.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/22/2016 6:00:00 AM

Valid to:
11/26/2016 5:59:59 AM

Subject:
CN=Yang Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
52ADD28CB74EF9131F283E63CF534923

File PE Metadata
Compilation timestamp:
8/23/2016 9:43:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:rnRw/wjVTy5RBwkK0I5dNBV+UdvrEFp7hKgVDQU2lQ:rRw/wjVT2KkK0ITNBjvrEH7TVDQUoQ

Entry address:
0x10688

Entry point:
E9, 8F, 42, FF, FF, E9, 7F, FE, FF, FF, 83, 25, B4, 82, 42, 00, 00, C3, 55, 8B, EC, A1, 40, 82, 42, 00, 33, 05, 40, 50, 42, 00, 74, 07, FF, 75, 08, FF, D0, 5D, C3, 5D, FF, 25, 08, D1, 41, 00, 55, 8B, EC, A1, 44, 82, 42, 00, 33, 05, 40, 50, 42, 00, FF, 75, 08, 74, 04, FF, D0, 5D, C3, FF, 15, 14, D1, 41, 00, 5D, C3, 55, 8B, EC, A1, 48, 82, 42, 00, 33, 05, 40, 50, 42, 00, FF, 75, 08, 74, 04, FF, D0, 5D, C3, FF, 15, 0C, D1, 41, 00, 5D, C3, 55, 8B, EC, A1, 4C, 82, 42, 00, 33, 05, 40, 50, 42, 00, FF, 75, 0C, FF...
 
[+]

Entropy:
7.0267

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
109.5 KB (112,128 bytes)

Remove winzipper.exe - Powered by Reason Core Security