winzipper_update_setup_1.5.137.1044.exe

Winzipper

The application winzipper_update_setup_1.5.137.1044.exe, described as “standard installer”, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from t.qihutechs.com.
Product:
Winzipper

Description:
standard installer

Version:
1.5.137.1044

MD5:
a68310e080438d72a1fe8192c5a957b5

SHA-1:
f952294fbdf6e508936371f08835ab552566be51

SHA-256:
39dcf9dd5688597ee6415d4762d734e569dbdd2e68f30b99754744a681f67bf4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 3:33:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Elex (M)

Engine version:
16.7.31.9

File size:
2.9 MB (2,994,800 bytes)

Product version:
1.5.137.1044

Copyright:
Copyright 2011-2015 Taiwan Shui Mu Chih Ching Technology Limited. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\winzipper_update_setup_1.5.137.1044.exe

File PE Metadata
Compilation timestamp:
4/10/2010 7:19:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:3VfVCzERtoZWGiLFd3wz1Yrunqhs32/DwsGQ9BKzt9sCwhLi2rc1UT+9gd2:3V5/qWTTgqhUg0Bwg2I+T+O2

Entry address:
0x33E9

Entry point:
71, 06, 8A, C6, 89, F8, 89, CA, 68, 3B, AC, 33, 00, 0F, AF, C6, 0F, BE, C0, 4B, 84, CF, 0A, DF, 85, DB, 72, 06, C6, C5, AA, 0F, BE, CF, 87, DD, 22, FC, 51, 69, DE, 45, 84, C5, 34, 69, EF, A8, 75, B7, 7C, 87, C9, 5A, 0F, AF, CB, 0F, B7, C8, 11, D9, 0F, B6, DB, 2B, C2, FF, C5, B5, DF, F3, 20, D7, F2, 86, DF, BA, 00, 00, 00, 00, 86, EC, F3, 0F, B7, EA, 1C, 6C, 71, 02, 88, D9, 81, C2, 10, 05, 00, 00, 40, 0F, AF, F9, 81, EA, 0F, 05, 00, 00, 43, 21, DB, 69, EF, 51, 94, DF, D9, 0F, AF, DB, 49, 81, FA, AE, 04, 00...
 

Entropy:
7.9974  (probably packed)

Code size:
25 KB (25,600 bytes)

The file winzipper_update_setup_1.5.137.1044.exe has been seen being distributed by the following URL.
