winzipper_update_setup_1.5.137.1044.exe

Winzipper

The application winzipper_update_setup_1.5.137.1044.exe (“standard installer”) has been detected as a potentially unwanted program by 12 anti-malware scanners. It is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by the Parite virus, a polymorphic file-infecting virus that infects all portable executable (EXE and SCR) files found on local and shared network drives. The file has been seen being downloaded from t.qihutechs.com.
Product:
Winzipper

Description:
standard installer

Version:
1.5.137.1044

MD5:
b8c894d6068d8beaeb0c8e14369810fe

SHA-1:
53c874c0964aaca07676d08837c5372f5f0c0d83

SHA-256:
433a3dcaceb614b35542ff5088e24246f6221e47901260f4c4fa745ec6b6459e

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
1/13/2025 1:59:27 AM UTC

Scan engine                     Detection                            Engine version
avast!                          Win32:Parite                         160326-0
AVG                             Win32/Parite                         2015.0.4530
Dr.Web                          Adware.Mutabaha.229, Win32.Parite.2  9.0.1.05190
Emsisoft Anti-Malware           Win32.Parite                         11.5.0.6191
ESET NOD32                      Win32/Parite.B virus                 8.0.319.0
F-Prot                          W32/Parite.B                         4.6.5.141
F-Secure                        Win32.Parite.B                       5.15.96
Kaspersky                       Virus.Win32.Parite                   15.0.0.562
McAfee                          Virus.W32/Pate.b                     18.0.204.0
Microsoft Security Essentials   Threat.Undefined                     1.217.1958.0
Norman                          Win32.Parite.B                       02.04.2016 17:35:19
VIPRE Antivirus                 Threat.46249                         48690

File size:
3 MB (3,099,100 bytes)

Product version:
1.5.137.1044

Copyright:
Copyright 2011-2015 Taiwan Shui Mu Chih Ching Technology Limited. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winzipper_update_setup_1.5.137.1044.exe

File PE Metadata
Compilation timestamp:
4/10/2010 5:49:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:pfERtoZWGiLFd3wz1Yrunqhs32/DwsGQ9BKzt9sCwhLi2rc1UT+9gdbtfkRmw:p8/qWTTgqhUg0Bwg2I+T+Ob9Lw

Entry address:
0xFB000

Entry point:
68, B8, 2F, 49, 00, 5B, 68, 22, B0, 4F, 00, 5E, 68, 98, 05, 00, 00, 5F, 90, 90, 31, 1C, 3E, 90, 90, 83, EF, 02, 83, EF, 02, 90, 90, 75, F1, 90, 90, 90, 50, 52, 48, 00, B8, 2F, 49, 00, B8, 2F, 09, 00, 51, 1C, 49, 00, C8, BD, 65, 00, 64, B6, 65, 00, B8, 9F, 4B, 00, B9, 2F, 49, 00, D8, AF, 09, 00, BE, A0, 09, 00, AC, A0, 09, 00, BC, 5C, 49, 00, BC, A0, 49, 00, AA, A0, 49, 00, D8, 47, 49, 00, BC, A0, 49, 00, AA, A0, 49, 00, B8, 2F, 49, 00, B8, 2F, 49, 00, B8, 2F, 49, 00, B8, 2F, 49, 00, B8, 2F, 49, 00, B8, 2F...

Entropy:
7.9969  (probably packed)

Code size:
25 KB (25,600 bytes)

The file winzipper_update_setup_1.5.137.1044.exe has been seen being distributed by the following URL.

Remove winzipper_update_setup_1.5.137.1044.exe - Powered by Reason Core Security