» 146366537920160501def2.zip.tdl
Overview
Analysis
File Details

146366537920160501def2.zip.tdl

Winziper

Yang Liu

The file 146366537920160501def2.zip.tdl, “Winzipper service” by Yang Liu has been detected as a potentially unwanted program by 3 anti-malware scanners.

File name:

Publisher:

Winziper Pvt Ltd. (signed by Yang Liu)

Product:

Winziper

Description:

Winzipper service

Version:

2.1.0.0

MD5:

8815ce7ee2b6db3cb400052ac0dfd63d

SHA-1:

391e963545004739561699f6e8b078e8edb37319

SHA-256:

0663f65d822bc361673e6cff8d5181edb4a17e0b9f1eebcc955b03b538e233b5

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

6/25/2025 2:18:08 AM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Mutabaha.1293

9.0.1.05190

ESET NOD32

Win32/ELEX.HU potentially unwanted application

8.0.319.0

Reason Heuristics

Adware.Elex (M)

16.6.24.9

File size:

2 MB (2,092,626 bytes)

Product version:

2.1.0.0

Original file name:

winzipersvc.exe

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\146366537920160501def2.zip.tdl

Digital Signature

Signed by:

Yang Liu

Authority:

thawte, Inc.

Valid from:

5/18/2016 12:00:00 AM

Valid to:

11/25/2016 11:59:59 PM

Subject:

CN=Yang Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

7A83EBB920EE081F2CE9FD6AE15A77B1

File PE Metadata

Compilation timestamp:

5/18/2016 12:34:38 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:ddtsqDvLZJX1vlyxbbXTx+UJbmx9fPmI+TgRPuC+ADz:ddtnnXHWWdNGgz

Entry address:

0x80320

Entry point:

E8, 82, D5, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 75, 13, E8, 92, 14, 00, 00, 6A, 16, 5E, 89, 30, E8, A8, 12, 00, 00, 8B, C6, EB, 24, 68, 80, 00, 00, 00, FF, 75, 10, FF, 75, 0C, E8, 17, 00, 00, 00, 83, C4, 0C, 89, 06, 85, C0, 74, 04, 33, C0, EB, 07, E8, 62, 14, 00, 00, 8B, 00, 5E, 5D, C3, 6A, 0C, 68, 10, 69, 4E, 00, E8, A5, 14, 00, 00, 33, C9, 89, 4D, E4, 33, C0, 8B, 7D, 08, 85, FF, 0F, 95, C0, 85, C0, 75, 17, E8, 39, 14, 00, 00, C7, 00, 16, 00, 00, 00, E8, 4E, 12, 00, 00, 33, C0... 
[+]

Code size:

675 KB (691,200 bytes)

Remove 146366537920160501def2.zip.tdl - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.