home

wzp.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from d26yaxxlnmhaem.cloudfront.net and multiple other hosts.
MD5:
affb0cd0877b8da9bd5b504f62f52a66

SHA-1:
69856788265af826c4dff1f77de9a12aaccfc298

SHA-256:
fabcdc8e5f74948cf36240fe1a7964cda45558dbfbcfddefe18bf75da95cf36a

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 8:06:35 PM UTC  (today)

File size:
2.9 MB (3,016,054 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\wzp.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:6ccqko88u6gKTrQrKkPFI/oPgaLGxQ6vyZ7jYozSidoaxL2sB3nXe0/9xHF4W:jcqkpKmJI/oPjLorI7korppXvjF/

Entry point:
6D, 20, E6, F5, 7D, 46, 00, 5E, DA, 90, 4A, 09, 6B, 5F, 74, 00, 00, 00, 00, 00, 7F, 00, 00, 00, 00, 00, 00, 00, 59, 3B, 10, 88, BB, F5, 4D, BA, 59, 07, 00, 40, 56, 18, E2, A0, CC, B5, 24, 82, 28, 8B, 68, 5D, D9, B1, 92, C2, D6, F3, 88, C2, 81, BC, 1C, DC, 03, 56, 16, 02, 90, 19, DD, 51, D8, 14, EA, BA, 35, 62, 54, 2A, 73, FB, F8, 2F, 5F, D8, F3, E5, C7, 57, 71, FF, 10, 6C, 05, 37, A7, E4, 15, DB, 06, 23, 79, 7C, 66, CF, B8, B8, 7C, 84, 3F, 5A, 17, 2A, 5A, 2C, F1, D9, 57, 5E, ED, F7, D1, 07, 75, 83, 2D, C3...
 
[+]

Entropy:
7.9999  (probably packed)

The file wzp.exe has been seen being distributed by the following 2 URLs.

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/wzp/2.2.36/.../wzp.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/wzp/2.2.49/.../wzp.exe

Scan wzp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.