zip_update_v1.5.111.exe.tmp

equalto

The file zip_update_v1.5.111.exe.tmp has been detected as a potentially unwanted program by 6 anti-malware scanners. The file has been seen being downloaded from 113.171.224.167 and multiple other hosts.
Publisher:
equalto

Product:
equalto

Version:
9.1.56.26

MD5:
6178eca2e4599943a7f417abc077882c

SHA-1:
db72db6342ac68ac447bf65f7640db01564b1af1

SHA-256:
66be9c1120d16f22c9be7a3f11db2c655055d069d893ac3e24fbcd787ff07ae9

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 9:37:18 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.ELEX
4.0.3.15826

Dr.Web
Adware.Mutabaha.642
9.0.1.0238

ESET NOD32
Win32/ELEX.EO potentially unwanted (variant)
9.12152

Panda Antivirus
Trj/Genetic.gen
15.08.26.11

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

File size:
405 KB (414,720 bytes)

Product version:
9.1.56.26

Copyright:
Copyright (C) 2011-2014

Original file name:
equalto

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\roaming\winzipper\update\zip_update_v1.5.111.exe.tmp

File PE Metadata
Compilation timestamp:
8/26/2015 8:22:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:Yr72wzTXnzZxGCchzA1GEHIXT0Zx/ILpcorOW7fwtC9cBp4+dX5JXbB5i7Me1Ohr:YrdzZCJIx/a9rO894WgGMekhZGjo

Entry address:
0x1F4DD

Entry point:
E8, 7B, B4, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7, C2, 03, 00, 00, 00, 75, EA, 83, E8, 04, 72, 12, 57, 8B, FB, C1, E3, 08, 03, DF, 8B, FB, C1, E3, 10, 03, DF, EB, 1B, 5F, 83, C0, 04, 74, 0E, 8A, 0A, 83, C2, 01, 32, CB, 74, 40, 83, E8, 01, 75, F2, 5B, C3, 83, E8, 04, 72, E5, 8B, 0A, 33, CB, BF, FF, FE, FE, 7E, 03, F9...
 
[+]

Entropy:
5.6759

Code size:
218.5 KB (223,744 bytes)

The file zip_update_v1.5.111.exe.tmp has been seen being distributed by the following 6 URLs.

http://113.171.224.167/.../wzp2yac_2015.8.26_out.exe

http://113.171.224.213/.../wzp2yac_2015.8.26_out.exe

http://113.171.224.211/.../wzp2yac_2015.8.26_out.exe

Remove zip_update_v1.5.111.exe.tmp - Powered by Reason Core Security