zwz1008.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from 113.171.224.171 and multiple other hosts.
MD5:
601f72ba477c623a6613fd1a7a0127bc

SHA-1:
9952407d472fe4e31533fc7a9989a550d2597ecd

SHA-256:
8dc3607a0749c8679d2a2146ded8a63d94527451518e71fcf669f13e93d18e28

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/27/2024 9:52:54 PM UTC

Scan engine: Avira AntiVirus
Detection: TR/Dropper.Gen2
Engine version: 7.11.30.172

File size:
21.1 MB (22,086,187 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\zwz1008.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
393216:KoWuigMkKaUcN4N/gDPac8+Ql6gchbGTodrsMrnTtGJ6nY6Dbv08LdOWWY5z+9D+:dWu4NcN45gDyc8+QlXcdd71GJWj0eOWh

Entry point:
37, 7A, BC, AF, 27, 1C, 00, 04, C0, 31, 9B, F6, E7, 01, 51, 01, 00, 00, 00, 00, 24, 00, 00, 00, 00, 00, 00, 00, 90, E5, 38, 93, 01, DF, B6, 6D, 20, E6, F5, 7D, 46, 00, 5E, CD, F3, 1A, A0, 9F, BE, 73, 00, 00, 00, 00, 00, 7C, 00, 00, 00, 00, 00, 00, 00, 3B, CE, 7B, FC, 5B, 85, EF, 6E, 68, 69, 1B, 1B, 6B, 6A, 63, 1C, 6A, 18, 6D, 6D, 6B, 6E, 68, 69, 1B, 1B, 6B, 6A, 63, 1C, 6A, 18, 6D, 6D, 6B, D3, 0A, 14, 1D, 57, 50, 40, 50, 00, 00, 00, 57, 13, 12, 1E, 08, 00, 00, 5B, 8A, 00, 00, 5B, 48, 52, 58, 00, 00, 00, 98...

Entropy:
8.0000  (probably packed)

The file zwz1008.exe has been seen being distributed by the following 3 URLs.

http://113.171.224.171/.../zwz1008.exe

http://113.171.224.210/.../zwz1008.exe

Scan zwz1008.exe - Powered by Reason Core Security