winzipper_update_setup_1.5.137.1044.exe

Winzipper

The application winzipper_update_setup_1.5.137.1044.exe (“standard installer”) has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from t.qihutechs.com.
Product:
Winzipper

Description:
standard installer

Version:
1.5.137.1044

MD5:
05356775bcc910ec9cb0b5d701608360

SHA-1:
f19d09f4fb4acdeca0c1e984ee1886359780cb83

SHA-256:
7880539778073cb258d4ebc8ebd3886a6bc7ebf89e38e0415ea1ebecc896f8e1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/13/2025 1:43:58 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.7.31.9

File size:
2.9 MB (2,990,704 bytes)

Product version:
1.5.137.1044

Copyright:
Copyright 2011-2015 Taiwan Shui Mu Chih Ching Technology Limited. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winzipper_update_setup_1.5.137.1044.exe

File PE Metadata
Compilation timestamp:
4/10/2010 12:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:kzJERtoZWGiLFd3wz1Yrunqhs32/DwsGQ9BKzt9sCwhLi2rc1UT+9gd2:kC/qWTTgqhUg0Bwg2I+T+O2

Entry address:
0x33E9

Entry point:
60, 4D, 51, 78, 0C, 0F, BF, E9, 0F, AF, CE, 81, CB, B3, 99, 09, F3, 0F, B6, DA, 86, ED, C6, C5, C9, 80, D8, F7, 8D, 1D, D9, F6, 13, 58, 8D, 0D, 31, 23, 98, 60, FF, CE, 87, F7, 0F, AF, EF, 01, C5, 33, C9, 72, 06, 89, C7, 8B, F8, 89, D7, 03, CD, 78, 0E, 85, D6, C7, C7, 6B, 9A, 61, 2A, F7, C2, FF, 88, 42, 1D, F3, 69, EE, F7, A7, 5A, C1, 8B, F8, BB, 00, 00, 00, 00, 78, 06, 85, D5, 89, FF, 39, FD, 8D, 19, EB, 04, 8B, F6, FF, C5, EB, 02, 87, F6, 8B, C3, 3D, 86, 30, 00, 00, 78, 03, 0F, B6, FA, F2, 21, CF, 2B, D0...
 

Code size:
25 KB (25,600 bytes)

The file winzipper_update_setup_1.5.137.1044.exe has been seen being distributed by the following URL.
