winzipper_update_setup_1.5.137.1044.exe

Winzipper

The application winzipper_update_setup_1.5.137.1044.exe (“standard installer”) has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from t.qihutechs.com.

Product:
Winzipper

Description:
standard installer

Version:
1.5.137.1044

MD5:
ae41d5ec13114f88b087399e913d4b9f

SHA-1:
9ce4b7df75cc1c5ab6b319c164a5517c7ee77946

SHA-256:
b94533ea11579d8afc9313215124f90bc7aa4db375ed18309f9a79d6431dd95f

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
1/13/2025 1:58:16 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:SaliCode | 160518-2 |
| ESET NOD32 | Win32/Sality.NBA virus | 8.0.319.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | not-a-virus:Downloader.Win32.Elex | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.223.2775.0 |
| VIPRE Antivirus | Threat.4758034 | 50318 |

File size:
2.9 MB (2,990,704 bytes)

Product version:
1.5.137.1044

Copyright:
Copyright 2011-2015 Taiwan Shui Mu Chih Ching Technology Limited. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winzipper_update_setup_1.5.137.1044.exe

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:HNERtoZWGiLFd3wz1Yrunqhs32/DwsGQ9BKzt9sCwhLi2rc1UT+9gd2:Ha/qWTTgqhUg0Bwg2I+T+O2

Entry address:
0x33E9

Entry point:
80, C5, 1D, 52, 89, FD, 0F, C9, F6, C3, BC, E8, 2C, 00, 00, 00, C7, C2, DD, 61, 34, 77, 18, D2, C7, C6, 73, 52, E7, B6, 81, FF, FF, 9D, 00, 00, 77, 02, 30, F8, 8B, FF, 40, EB, 02, 33, DB, 57, B9, CB, FA, 76, E2, 59, F7, C7, D3, 7C, 00, 9F, 5F, 84, CF, 0F, BF, C8, 8A, DE, 89, EE, 0F, CB, 88, C5, 02, EA, BD, 8C, 74, 09, 00, 49, 81, F5, 2C, 96, 00, 00, 81, ED, DF, 03, 00, 00, 12, F0, 55, 8A, D9, 58, 8A, F6, 35, C1, DE, 09, 00, 8D, 15, 3F, 2F, 61, 58, 33, C0, 30, F1, 0F, 6E, C7, 40, 45, C6, C2, D8, 8D, 35, 39...
 

Entropy:
7.9973  (probably packed)

Code size:
25 KB (25,600 bytes)

The file winzipper_update_setup_1.5.137.1044.exe has been seen being distributed by the following URL.
