wzupg.exe

setup.exe

Yang Liu

The application wzupg.exe by Yang Liu has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. While running, it connects to the Internet address server-54-230-187-101.cdg51.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Winziper Pvt Ltd.  (signed by Yang Liu)

Product:
setup.exe

Version:
2.2.52.0

MD5:
ec08818217e7d9160e0ddee241a50efb

SHA-1:
aa80ac2b2224076b8ced1db28377c4a6724eb72e

SHA-256:
bfbd7bdc9c9d9af6ed42bf26659ad0f0d7598ba45c17417e1cef2997933e8aac

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:06:43 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Elex (M)
16.8.23.9

File size:
385.1 KB (394,352 bytes)

Product version:
2.2.52.0

Copyright:
Winziper Pvt Ltd.

Original file name:
setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winzipper\wzupg.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/22/2016 3:00:00 AM

Valid to:
11/26/2016 1:59:59 AM

Subject:
CN=Yang Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
52ADD28CB74EF9131F283E63CF534923

File PE Metadata
Compilation timestamp:
8/16/2016 6:02:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:G65q1089APUIT0JS/G7TOX688TZ7GhT2A+k/B:G65qzUgKBOTNGhCA++

Entry address:
0x27D83

Entry point:
E8, 24, CD, 00, 00, E9, 7F, FE, FF, FF, 53, 8B, DC, 51, 51, 83, E4, F0, 83, C4, 04, 55, 8B, 6B, 04, 89, 6C, 24, 04, 8B, EC, 8B, 4B, 08, 66, 8B, 53, 0C, 83, EC, 20, 83, 3D, 64, 1E, 46, 00, 01, 7C, 48, 0F, B7, C2, 66, 0F, 6E, C0, F2, 0F, 70, C0, 00, 66, 0F, 70, D0, 00, 8B, C1, 25, FF, 0F, 00, 00, 3D, F0, 0F, 00, 00, 77, 3E, F3, 0F, 6F, 01, 66, 0F, EF, C9, 66, 0F, 75, C8, 66, 0F, 75, C2, 66, 0F, EB, C8, 66, 0F, D7, C1, 85, C0, 75, 34, 83, C1, 10, EB, D1, 66, 3B, C2, 74, 0B, 83, C1, 02, 0F, B7, 01, 66, 85, C0...
 
[+]

Code size:
277.5 KB (284,160 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-187-101.cdg51.r.cloudfront.net  (54.230.187.101:80)

TCP (HTTP):
Connects to server-52-85-77-106.lax3.r.cloudfront.net  (52.85.77.106:80)

Remove wzupg.exe - Powered by Reason Core Security