wzp.exe

The executable wzp.exe has been detected as malware by 1 anti-virus scanner. It is a setup program used to install the application. The file has been seen being downloaded from d26yaxxlnmhaem.cloudfront.net and multiple other hosts.

MD5:
691e3aaa2a8fdd53c0e5ed5bea6ce15c

SHA-1:
f35c14607348486188403486e60f5fb19fcf15ad

SHA-256:
4d9c7dc5a6bc73be87924957fe2b2aa47f210179fce116c83911cbc3be5c38d3

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/8/2025 4:44:12 PM UTC

Scan engine:
Reason Heuristics

Detection:
(M)

Engine version:
16.8.6.10

File size:
2.9 MB (3,066,362 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wzp.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:iAEZUQavm9LRVHwkmJCUATHs0fykhMPy8Ii9uxloaAYgp1GP+egNmbOgxRxrNTv/:T3O9L3HfmVAbsQSBIwyloaAmPfJx/ZTn

Entropy:
7.9999  (probably packed)

The file wzp.exe has been seen being distributed by the following 9 URLs.

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/wzp/2.2.47/.../wzp.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/wzp/2.2.24/.../wzp.exe

http://d26yaxxlnmhaem.cloudfront.net/Public/softs/wzp/2.2.21/.../wzp.exe

http://113.171.224.246/.../wzp.exe

http://113.171.224.170/.../wzp.exe

http://113.171.224.208/.../wzp.exe
