home

fupwiozhu.exe

Logt Gaqqatjy Capf

The application fupwiozhu.exe by Logt Gaqqatjy Capf has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Fupwiozhu”.
Publisher:
Logt Gaqqatjy Capf  (signed and verified)

MD5:
92727aabb94b15c7a5d8cdb56243f6f6

SHA-1:
7598d831b424289f5dc9c03ca748aa2d2a8f86f9

SHA-256:
62750cfb9f08469fe7528e89069c9b2bb7395bf75b3c4c4f0568dce9406d38d9

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 10:28:17 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.ShopperZ (M)
17.3.2.14

File size:
1.9 MB (2,025,288 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\shopperz071020150404\fupwiozhu.exe

Digital Signature
Signed by:
Logt Gaqqatjy Capf

Authority:
Logt Gaqqatjy Capf

Valid from:
10/6/2015 10:05:24 PM

Valid to:
10/5/2016 10:05:24 PM

Subject:
CN=Teyginhgh Ukuqa, O=Logt Gaqqatjy Capf, L=Akimni, S=Imoph, C=CN

Issuer:
CN=Gajtyt Okicve, O=Logt Gaqqatjy Capf, L=Akimni, S=Imoph, C=CN

Serial number:
01

File PE Metadata
Compilation timestamp:
10/6/2015 10:06:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x14C0D3

Entry point:
E8, F7, B5, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, C8, 6B, 5D, 00, E8, 77, 1A, 00, 00, E8, 7E, 4F, 00, 00, 0F, B7, F0, 6A, 02, E8, C4, 42, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 93, 4E, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 
[+]

Code size:
1.5 MB (1,530,368 bytes)

Service
Display name:
Fupwiozhu

Type:
Win32OwnProcess

Depends on:
RPCSS


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-50-16-194-153.compute-1.amazonaws.com  (50.16.194.153:80)

TCP (HTTP):
Connects to server-52-84-26-206.ewr50.r.cloudfront.net  (52.84.26.206:80)

TCP (HTTP):
Connects to ip78.ip-188-165-137.eu  (188.165.137.78:80)

TCP (HTTP):
Connects to ec2-54-86-239-189.compute-1.amazonaws.com  (54.86.239.189:80)

TCP (HTTP):
Connects to ec2-54-236-188-147.compute-1.amazonaws.com  (54.236.188.147:80)

TCP (HTTP):
Connects to ec2-54-233-138-57.sa-east-1.compute.amazonaws.com  (54.233.138.57:80)

TCP (HTTP):
Connects to ec2-54-207-87-244.sa-east-1.compute.amazonaws.com  (54.207.87.244:80)

TCP (HTTP):
Connects to ec2-54-164-54-149.compute-1.amazonaws.com  (54.164.54.149:80)

TCP (HTTP):
Connects to ec2-52-73-104-149.compute-1.amazonaws.com  (52.73.104.149:80)

TCP (HTTP):
Connects to ec2-52-67-89-54.sa-east-1.compute.amazonaws.com  (52.67.89.54:80)

TCP (HTTP SSL):
Connects to ec2-52-54-183-240.compute-1.amazonaws.com  (52.54.183.240:443)

TCP (HTTP):
Connects to ec2-52-4-75-22.compute-1.amazonaws.com  (52.4.75.22:80)

TCP (HTTP):
Connects to ec2-52-3-88-188.compute-1.amazonaws.com  (52.3.88.188:80)

TCP (HTTP):
Connects to ec2-52-20-38-235.compute-1.amazonaws.com  (52.20.38.235:80)

TCP (HTTP):
Connects to ec2-52-1-62-39.compute-1.amazonaws.com  (52.1.62.39:80)

TCP (HTTP):
Connects to ec2-34-200-70-96.compute-1.amazonaws.com  (34.200.70.96:80)

TCP (HTTP):
Connects to ec2-174-129-199-219.compute-1.amazonaws.com  (174.129.199.219:80)

TCP (HTTP):
Connects to ec2-107-20-135-64.compute-1.amazonaws.com  (107.20.135.64:80)

TCP (HTTP):
Connects to 4f.61.adb8.ip4.static.sl-reverse.com  (184.173.97.79:80)

TCP (HTTP):
Connects to 49.61.adb8.ip4.static.sl-reverse.com  (184.173.97.73:80)

Remove fupwiozhu.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.