wzp2yac.exe

equal max

The executable wzp2yac.exe has been detected as malware by 10 anti-virus scanners. It is a setup program used to install the application. The file has been observed being downloaded from dl.4-zip.com.

Publisher:
equal max

Product:
equal max

Version:
9.1.9.27

MD5:
d579da84e52c5edb9666f7e5b0aa2094

SHA-1:
c4f09453db762c3641860ab2037f100184398ae1

SHA-256:
a25c8858e34d4faf76f1581be6659f42ffbe6ef886cb2494a447d5c4f7d9d955

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/23/2024 2:47:33 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Virtu-A | 160215-2 |
| AVG | Win32/Virut | 2015.0.4530 |
| Dr.Web | Win32.Virut.56 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Virtob.Gen.12 | 10.0.0.5366 |
| ESET NOD32 | Win32/Virut.NBP virus | 8.0.319.0 |
| F-Prot | W32/Virut.AI | 4.6.5.141 |
| Kaspersky | Virus.Win32.Virut | 15.0.0.562 |
| McAfee | Virus.W32/Virut.n.gen | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.6304.0 |
| VIPRE Antivirus | Threat.4737366 | 47236 |

File size:
449.5 KB (460,288 bytes)

Product version:
9.1.9.27

Copyright:
Copyright (C) equal max

Original file name:
equal max

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wzp2yac.exe

File PE Metadata
Compilation timestamp:
10/17/2007 4:34:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:tBqBljGCixJHV4K1IRVhC1uq8MFgX0QoH0C/z:veljkJiKQVhVq8MyEH0C/

Entry address:
0x7850D

Entry point:
83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, C0, FF, FF, FF, 4B, 66, 4B, 75, FC, 47, 0C, D6, 4F, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, 0F, 83, E7, FF, FF, FF, 81, D9, E6, 13, 00, 00, 71, DF, A8, 51, 31, F8, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 75, C8, 48, F6, D4, 49, 68, CC, A5, 53, 43, E8, 94, FF, FF, FF, 89, 74, 24, 44, E8, 5F, 00, 00, 00, 89, 44, 24, 34, 83, E8, 04, 0F, 82, 28, FF, FF, FF, 64, A1, 18, 00, 00, 00, 85, C0, 78, 0C, 31, C6, 20, E9, 8B, 40, 34...

Code size:
225 KB (230,400 bytes)

The file wzp2yac.exe has been seen being distributed by the following URL.
