wzp2yac.exe

equal max

The application wzp2yac.exe has been detected as a potentially unwanted program by 12 anti-malware scanners. It is infected by the Parite virus, a polymorphic file-infecting virus that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from dl.4-zip.com.
Publisher:
equal max

Product:
equal max

Version:
9.1.9.27

MD5:
5522a8a7b7d388a45051688e3d50834b

SHA-1:
7c310b6d7174cbf33b0a513e602dc530bfb87f0d

SHA-256:
13d867dbbf538ec4dab4528d573668c7d39dc3c8a1dc3e664eac38a0aa010359

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/23/2024 3:02:05 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Parite | 160327-1 |
| AVG | Win32/Parite | 2015.0.4556 |
| Dr.Web | Adware.Mutabaha.986, Win32.Parite.2 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Parite | 11.5.0.6191 |
| ESET NOD32 | Win32/Parite.B virus | 7.0.302.0 |
| F-Prot | W32/Parite.B | 4.6.5.141 |
| F-Secure | Win32.Parite.B | 5.15.96 |
| Kaspersky | Virus.Win32.Parite | 15.0.0.562 |
| McAfee | Virus.W32/Pate.b | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.217.1958.0 |
| Norman | Win32.Parite.B | 10.04.2016 15:29:17 |
| VIPRE Antivirus | Threat.46249 | 48690 |

File size:
563.5 KB (576,988 bytes)

Product version:
9.1.9.27

Copyright:
Copyright (C) equal max

Original file name:
equal max

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wzp2yac.exe

File PE Metadata
Compilation timestamp:
1/12/2016 9:10:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:lD8KJdKUwFVy5drAndW7MyI6Y4wBhoORMHGgsF:lD8K/KUwFVy5CkMydY4wBhR

Entry address:
0x6A000

Entry point:
B9, C7, 2F, 49, 00, 68, 22, A0, 46, 00, 5E, 90, 90, 68, 98, 05, 00, 00, 5A, 90, FF, 34, 32, 31, 0C, 24, 8F, 04, 32, 90, 83, EA, 04, 90, 90, 75, EF, 90, 2F, 52, 48, 00, C7, 2F, 49, 00, C7, 2F, 09, 00, 4B, E6, 48, 00, C7, 37, 4F, 00, 1B, 32, 4F, 00, C7, 9F, 4B, 00, C6, 2F, 49, 00, E7, 7F, 0A, 00, 41, 33, 0C, 00, 69, 33, 0C, 00, 2B, 2C, 4C, 00, 43, 33, 4C, 00, 6B, 33, 4C, 00, E7, 13, 4A, 00, 43, 33, 4C, 00, 6B, 33, 4C, 00, C7, 2F, 49, 00, C7, 2F, 49, 00, C7, 2F, 49, 00, C7, 2F, 49, 00, C7, 2F, 49, 00, C7, 2F...
 

Entropy:
6.5894

Code size:
206 KB (210,944 bytes)

The file wzp2yac.exe has been seen being distributed by the following URL.
