home

winzipper_update_setup_1.5.137.1044.exe

Winzipper

The application winzipper_update_setup_1.5.137.1044.exe, “standard installer” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from t.qihutechs.com.
Product:
Winzipper

Description:
standard installer

Version:
1.5.137.1044

MD5:
cb2429bff7c6f17ce564031e13ba74bc

SHA-1:
595035c7b518e3c2425128d099142a9ca1bb74aa

SHA-256:
70bc660ea777cc132fdc483d3c8dcb16e81fd48521333a9720606fda733ec389

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 3:32:58 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex (M)
16.7.31.9

File size:
2.9 MB (2,990,704 bytes)

Product version:
1.5.137.1044

Copyright:
Copyright 2011-2015 Taiwan Shui Mu Chih Ching Technology Limited. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\winzipper_update_setup_1.5.137.1044.exe

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:0jawERtoZWGiLFd3wz1Yrunqhs32/DwsGQ9BKzt9sCwhLi2rc1UT+9gd2:0Wr/qWTTgqhUg0Bwg2I+T+O2

Entry address:
0x33E9

Entry point:
85, E9, 87, D7, 69, C2, D0, 5D, 01, 80, FE, C3, C7, C5, D9, E1, A4, E3, 2D, 1B, 30, 04, E5, F3, FF, C3, 89, F0, 0F, BE, CF, 81, F6, A7, BF, 00, 00, 4A, F3, 88, FB, FE, C9, 84, CC, 0F, BE, FE, 69, F8, 22, 20, 7D, F1, 2B, F9, 87, DF, F2, F6, C3, B1, E8, 00, 00, 00, 00, 5F, 8A, E7, 8B, DE, 81, F0, 9B, 4D, AD, E8, 81, D8, BD, 20, 10, A7, F2, 0F, BF, C2, 35, 62, F5, F1, FB, 48, 85, D8, 24, 73, 84, C4, 81, FA, A2, 28, 00, 00, C6, C1, 2E, 8A, D2, 84, D8, F7, C6, 2D, B6, D8, 5D, 38, E5, 23, C6, 3A, F2, 68, 25, 7E...
 
[+]

Entropy:
7.9974  (probably packed)

Code size:
25 KB (25,600 bytes)

The file winzipper_update_setup_1.5.137.1044.exe has been seen being distributed by the following URL.

http://t.qihutechs.com/update/new.2.0/wz/1.5.137/.../winzipper_update_setup_1.5.137.1044.exe

Remove winzipper_update_setup_1.5.137.1044.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.