home

zwz0112.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from 113.171.224.244 and multiple other hosts.
MD5:
7ffcce70f314590d9d781f86cba75203

SHA-1:
d2c7a3374e5717ddd05085e932fceebb6e093fc2

SHA-256:
2006e113dc4cb701b44fb4179b96c0c8b262d11a7796312748b5a9f115280eb4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/27/2024 9:52:42 PM UTC  (today)

File size:
21.1 MB (22,106,748 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\zwz0112.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
393216:Nejztv9zkl6eRW3IUBhjToukPmj7rOI3O0ZFUaejtyUUpyNJPzVPmxbjnV/Ni7y3:+ztv9beRW4UB9ToukPs7Y0g/yUnrVybp

Entry point:
37, 7A, BC, AF, 27, 1C, 00, 04, C5, 4F, D0, 01, 38, 52, 51, 01, 00, 00, 00, 00, 24, 00, 00, 00, 00, 00, 00, 00, 76, 1A, 3A, ED, 01, DF, B6, 6D, 20, E6, F5, 7D, 46, 00, 5E, 17, 81, E9, 90, 02, 62, 70, 00, 00, 00, 00, 00, 7C, 00, 00, 00, 00, 00, 00, 00, A9, 8C, 40, 3C, 5B, 85, EF, 6E, 68, 69, 1B, 1B, 6B, 6A, 63, 1C, 6A, 18, 6F, 6D, 6D, 6E, 68, 69, 1B, 1B, 6B, 6A, 63, 1C, 6A, 18, 6F, 6D, 6D, D3, 0A, 14, 1D, 57, 50, 40, 50, 00, 00, 00, 57, 13, 12, 1E, 08, 00, 00, 5B, 8A, 00, 00, 5B, 48, 52, 58, 00, 00, 00, 98...
 
[+]

Entropy:
8.0000  (probably packed)

The file zwz0112.exe has been seen being distributed by the following 4 URLs.

http://113.171.224.244/.../zwz0112.exe

http://113.171.224.166/.../zwz0112.exe

http://113.171.224.205/.../zwz0112.exe

http://dl06.wseclub.com/download/.../zwz0112.exe

Scan zwz0112.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.