home

wzp.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from d26yaxxlnmhaem.cloudfront.net and multiple other hosts.
MD5:
4ba9e7ecd42daeb6dc94cdec401a4912

SHA-1:
8341bc0dd3d742361c4dbc68925b39c873f57c99

SHA-256:
da2de3bf11910103709c8782a529c3ce6b3ddcb106084a6bb9e13e3bb3355d9e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
1/8/2025 4:32:58 PM UTC  (today)

File size:
2.9 MB (3,012,335 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wzp.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:BJZUQxkgHIRi7VCC9MwP1G2IBulLFetAGrKKtmhtmQfdUJ3M4/XC82wdKG:Bg41HIRCg3ET80Fqr7tmfHUJ3MzjIKG

Entry point:
6D, 20, E6, F5, 7D, 46, 00, 5E, FB, A3, 81, E7, F0, AC, 77, 00, 00, 00, 00, 00, 7F, 00, 00, 00, 00, 00, 00, 00, A6, 18, B2, 9B, BB, F5, 4D, BA, 59, 07, 00, 40, 56, 18, E2, A0, CC, B5, 24, 82, 28, 8B, 6B, 3F, 31, 9F, 4D, 04, 6F, 0E, 8A, 6B, D3, 02, 82, 7A, D8, 7A, 36, 20, A9, 3A, 1E, E0, BC, F0, C3, 9D, 27, 90, D9, 7F, 4D, AD, 06, C5, D7, 56, 06, 47, 58, 60, 35, 9F, F9, 30, 33, 94, 7B, 4C, 44, E5, 88, 92, 22, 16, 50, 60, 23, 7F, 48, 38, 9D, E4, FF, D7, 7D, 04, D3, 34, 53, 1B, 4C, 22, 58, 0F, 80, 14, 44, 44...
 
[+]

The file wzp.exe has been seen being distributed by the following 9 URLs.

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/wzp/2.2.44/.../wzp.exe

http://113.171.224.171/.../wzp.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/wzp/2.2.34/.../wzp.exe

http://113.171.224.241/.../wzp.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/wzp/2.2.24/.../wzp.exe

http://113.171.224.208/.../wzp.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/wzp/2.2.40/.../wzp.exe

http://41.223.201.248:801/.../wzp.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/wzp/2.2.47/.../wzp.exe

Scan wzp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.