winzipper_update_setup_1.5.137.1044.exe

Winzipper

The application winzipper_update_setup_1.5.137.1044.exe, described as “standard installer”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from t.qihutechs.com.

Product:
Winzipper

Description:
standard installer

Version:
1.5.137.1044

MD5:
8af25aa3785d77e765df2dac16619ed6

SHA-1:
8cb64a6bd158838a8a3e5e6036aa58f5d2a7ed80

SHA-256:
c40ef8d8028d9051ead38a9f3d8876830de368b68599a76bb2cb4341efd6da75

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/13/2025 1:46:28 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.7.31.9

File size:
2.9 MB (2,998,896 bytes)

Product version:
1.5.137.1044

Copyright:
Copyright 2011-2015 Taiwan Shui Mu Chih Ching Technology Limited. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winzipper_update_setup_1.5.137.1044.exe

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:OdEbbERtoZWGiLFd3wz1Yrunqhs32/DwsGQ9BKzt9sCwhLi2rc1UT+9gd2:OD/qWTTgqhUg0Bwg2I+T+O2

Entry address:
0x33E9

Entry point:
85, FA, 78, 06, 8D, 05, F5, FE, 1E, 1C, 12, F5, C6, C7, D1, 31, D6, 33, ED, 41, F6, C5, 76, 81, E7, 97, 4D, E4, BA, F2, 69, CF, BB, 32, C6, 81, 15, EE, C7, 79, 46, 8B, C9, 81, C5, 69, F3, FF, FF, 86, D6, 0F, AF, CE, 81, C5, 98, 0C, 00, 00, 42, B3, B9, 85, F8, 69, D2, 34, 7D, B6, 7B, 81, FD, F4, 06, 00, 00, 0F, 82, C0, FF, FF, FF, 01, F0, B9, 81, AB, 50, 66, 48, 02, E2, E8, 00, 00, 00, 00, 5D, 88, F6, 0F, B7, D2, 43, 8D, 1D, D3, C3, 9E, 89, 81, CB, 31, DE, 04, 99, 86, F3, C6, C3, 8C, F7, C1, 1B, F1, E7, 30...
 

Entropy:
7.9974  (probably packed)

Code size:
25 KB (25,600 bytes)

The file winzipper_update_setup_1.5.137.1044.exe has been seen being distributed by the following URL.
