wzpup_2015.5.05_4.exe

nsis_setup

tony do DLT.

The application wzpup_2015.5.05_4.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. It is a setup and installation application, but the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dl.4-zip.com.
Publisher:
tony do DLT.

Product:
nsis_setup

Version:
6.0.1.14

MD5:
ff4d8ad3a2bbcd4ccd94e0e0bedbf3e3

SHA-1:
ee32febb51056b314388f49faada5f11729da06d

SHA-256:
9f9d166db3fd94240178bb305cb0d6c38b6cf2574bf16dbb6d7c1dae01fe8f05

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 7:00:07 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Kukacka | 160327-1 |
| AVG | Win32/Sality | 2015.0.4542 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 11.5.0.6191 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.562 |
| McAfee | Program.Artemis!FF425D7D8D18 | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.217.1293.0 |
| Norman | Win32.Sality.3 | 02.04.2016 17:35:19 |

File size:
275.4 KB (282,054 bytes)

Product version:
6.0.1.14

Copyright:
2012-2014 All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\wzpup_2015.5.05_4.exe

File PE Metadata
Compilation timestamp:
4/10/2010 5:19:23 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:b0FgPWHVawAVx7pLYlxZzCu+tJZiONjrgBVsu0Jc88gCp:b0F6Bp8li3ZiYYYu0L8P

Entry address:
0x33E9

Entry point:
60, 81, DE, 0D, 73, 46, 25, 35, 9E, 47, B1, 84, F6, C3, 77, 8D, 0D, 18, B8, B7, CE, 29, CB, 89, CE, 81, C9, 43, 7B, 42, E6, 1A, DF, EB, 06, 69, D5, 74, 41, A4, 90, 33, F9, 78, 04, 24, 94, 84, D8, 10, D0, 68, 0E, 12, 58, 00, F6, C2, 83, 8D, 15, 9E, 1F, A0, 14, 69, CB, 99, 55, 52, FB, EB, 04, F2, 8B, D6, F2, E8, 00, 00, 00, 00, 02, C1, 69, DD, A1, A8, 84, 71, 45, EB, 06, 84, C0, 86, C1, 86, E8, 89, F7, 89, C3, 85, ED, 56, 0C, 56, 5A, 73, 02, 84, D0, 5A, 0F, AF, DA, F3, 68, 39, BE, D5, 00, 68, FE, C7, 29, 00...
 

Entropy:
7.8652  (probably packed)

Code size:
25 KB (25,600 bytes)

The file wzpup_2015.5.05_4.exe has been seen being distributed by the following URL.
