home

wzUpg.exe

WinZipper

北京智明腾亿科技有限公司

The application wzUpg.exe by 北京智明腾亿科技有限公司 has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-84-246-42.sfo20.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Winzipper Pvt Ltd.  (signed by 北京智明腾亿科技有限公司)

Product:
WinZipper

Description:
Winzipper upg

Version:
2.0.0.1

MD5:
11aa7b1d23fe219290843c4ca8c7cb44

SHA-1:
3605642a1ed8566c53d8b7e1813c0f48f818d2a2

SHA-256:
c54679796e33b9a02b230ad3373fafa622f98fd8c13b7653b06613ef6716b810

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/13/2025 5:21:29 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex.Winzipper (M)
16.7.8.9

File size:
361.1 KB (369,816 bytes)

Product version:
2.0.0.1

Copyright:
Copyright (c) 2015 Winzipper Pvt Ltd. All Rights Reserved.

Original file name:
wzUpg.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\omigazip\wzupg.exe

Digital Signature
Signed by:
北京智明腾亿科技有限公司

Authority:
GlobalSign nv-sa

Valid from:
12/14/2015 9:57:34 AM

Valid to:
12/14/2016 9:57:34 AM

Subject:
CN=北京智明腾亿科技有限公司, O=北京智明腾亿科技有限公司, L=北京, S=北京, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121333A0B1EA5C37487BE5B034CE7E548C2

File PE Metadata
Compilation timestamp:
3/28/2016 5:33:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:uZkMb+q63bPzDaSnTcju0Eeaey2kT8BzDLbuJ19dHM5Je4:uZkMblqLCSsiqZkePLbuJ1A5Je4

Entry address:
0x1CDD6

Entry point:
E8, F9, 9B, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 75, 0B, FF, 75, 0C, E8, 07, EB, FF, FF, 59, 5D, C3, 56, 8B, 75, 0C, 85, F6, 75, 0D, FF, 75, 08, E8, BC, EA, FF, FF, 59, 33, C0, EB, 4D, 53, EB, 30, 85, F6, 75, 01, 46, 56, FF, 75, 08, 6A, 00, FF, 35, 60, C7, 44, 00, FF, 15, A8, 51, 43, 00, 8B, D8, 85, DB, 75, 5E, 39, 05, 64, C7, 44, 00, 74, 40, 56, E8, 3E, 45, 00, 00, 59, 85, C0, 74, 1D, 83, FE, E0, 76, CB, 56, E8, 2E, 45, 00, 00, 59, E8, 62, 22, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, 5B...
 
[+]

Code size:
206 KB (210,944 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-83-56.lax1.r.cloudfront.net  (52.85.83.56:80)

TCP (HTTP):
Connects to server-54-192-55-167.jfk6.r.cloudfront.net  (54.192.55.167:80)

TCP (HTTP):
Connects to server-52-85-77-55.lax3.r.cloudfront.net  (52.85.77.55:80)

TCP (HTTP):
Connects to server-52-84-246-42.sfo20.r.cloudfront.net  (52.84.246.42:80)

Remove wzUpg.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.