winzipperdl.exe

Desk 365

337 Technology Limited

The application winzipperdl.exe, “Promotion application” by 337 Technology Limited has been detected as adware by 23 anti-malware scanners. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address a4.c8.24ae.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
337 Technology Limited.  (signed by 337 Technology Limited)

Product:
Desk 365

Description:
Promotion application

Version:
1.15.10.8274

MD5:
9eb970a174957ee3690640dbb91d2f72

SHA-1:
07a133a0702a9eab715da9dc1f05a1c28b593db4

SHA-256:
7c31d2f9a8c42aa3dcf8f212eca0a976aba6a0384b58087dc72e1713aad0b44e

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
11/23/2024 11:10:44 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Trojan.DL.Wysotot
7.1.1

Avira AntiVirus
APPL/Downloader.Gen
7.11.123.26

Baidu Antivirus
Adware.Win32.D365
4.0.3.14221

Bitdefender
Application.ExqPage.A
1.0.20.1095

Bkav FE
W32.Clod371.Trojan
1.3.0.4613

Comodo Security
ApplicUnwnt
17203

Dr.Web
Trojan.DownLoader10.42942
9.0.1.012

ESET NOD32
Win32/ELEX (variant)
8.9243

Fortinet FortiGate
W32/Badur.CAXS!tr
1/12/2014

F-Secure
Application.ExqPage.A
11.2014-07-08_5

G Data
Application.ExqPage
14.8.22

IKARUS anti.virus
Trojan.Win32.Badur
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.174.10720

Kaspersky
Trojan.Win32.Badur
14.0.0.4476

McAfee
Artemis!9EB970A17495
5600.7252

Microsoft Security Essentials
TrojanDownloader:Win32/Wysotot.B
1.10302

MicroWorld eScan
Application.ExqPage.A
15.0.0.657

NANO AntiVirus
Trojan.Win32.DownLoader10.csozzb
0.28.0.57473

Panda Antivirus
Suspicious file
14.01.12.07

Reason Heuristics
PUP.337TechnologyLimited.L
14.8.7.20

Sophos
Generic PUA AG
4.94

Trend Micro House Call
TROJ_GEN.F47V1116
7.2.12

Vba32 AntiVirus
Trojan.Badur
3.12.24.3

File size:
262 KB (268,336 bytes)

Product version:
1.15.10.8274

Copyright:
Copyright (C) 2012

Original file name:
deskdl.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\winzipperdl.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/25/2012 11:04:18 AM

Valid to:
6/26/2015 11:04:18 AM

Subject:
CN=337 Technology Limited, O=337 Technology Limited, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A511A565DC1022CCD7BA41E2E418FE65

File PE Metadata
Compilation timestamp:
11/13/2013 10:56:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:7DqfEhxhfVssbg2GyMVJigwPqodZwNfV53RCqFQxNLz8BZ6kQksxCQvQof4oHIaw:7DpVssbgzuqodZwNLIqixJzcI8Mf4oG

Entry address:
0x10B31

Entry point:
E8, B0, 8C, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF, FF, FE, FE, 7E, 03, F9, 83, F1, FF, 33...
 
[+]

Code size:
160.5 KB (164,352 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to a4.c8.24ae.ip4.static.sl-reverse.com  (174.36.200.164:80)

Remove winzipperdl.exe - Powered by Reason Core Security