mszip.exe_

Net Command

WEBZEN INC

Although the file properties state that the file is developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The file mszip.exe_ has been detected as malware by 7 anti-virus scanners.
Publisher:
Microsoft Corporation  (signed by WEBZEN INC)

Product:
Microsoft® Windows® Operating System

Description:
Net Command

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
a15e7f0e53cf747263309bba329425d2

SHA-1:
fe8a7f5ee133ad05d2e48f522718127d7de10506

SHA-256:
031c6a3739e68309c978b4afad8171bb50d875a8256629cb6ccc616bcb00ff74

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/26/2024 8:20:24 AM UTC

Scan engine          Detection                    Engine version
AhnLab V3 Security   Backdoor/Win32.Etso          2014.12.30
Bkav FE              HW32.Packed                  1.3.0.6267
Comodo Security      UnclassifiedMalware          20528
ESET NOD32           Win32/Agent.WAN (variant)    9.10942
McAfee               Artemis!A15E7F0E53CF         5600.6774
NANO AntiVirus       Trojan.Win32.Agent.dkpskl    0.30.0.64448
Qihoo 360 Security   HEUR/QVM16.0.Malware.Gen     1.0.0.1015

File size:
150.7 KB (154,320 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
net.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/2/2011 9:00:00 AM

Valid to:
10/1/2013 8:59:59 AM

Subject:
CN=WEBZEN INC, O=WEBZEN INC, L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
186379575A3146E26BEFC90A580D1BD2

File PE Metadata
Compilation timestamp:
12/21/2012 12:29:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:9n2cBHFfzSz43AUnbAH3MnuWkm9M8PbIqRmoOW4POnqAnO:92wFKYbAH3MnMmbb9k5POh

Entry address:
0x55807

Entry point:
68, 75, 2E, 97, 5D, E8, 37, 15, 00, 00, FF, 34, 24, 66, 01, 14, 1F, 9C, 9C, 60, 55, 8D, 64, 24, 34, E9, 85, 6B, FF, FF, 52, 68, 23, 04, D9, 5A, 9C, 8D, 64, 24, 40, E8, 9E, 63, FF, FF, F7, C4, 64, 63, 89, 9E, 3D, 00, 7D, 00, 00, 60, 8D, 64, 24, 20, 0F, 83, 72, CD, FE, FF, 38, E8, 60, E8, 24, FE, FF, FF, 5E, F9, B6, 76, 1A, 7A, 9C, 91, C4, F9, EE, 85, 62, 6B, 56, 71, 5E, BB, A8, 3C, 91, E1, 7A, 5A, FF, 0C, 9E, CE, 19, 54, 8E, 0D, 09, C5, DF, 6B, A0, 06, 2A, AB, 99, 00, 35, 65, 2A, 64, 85, 72, B0, AD, 4A, 23...
 
Entropy:
7.8918  (probably packed)

Code size:
62 KB (63,488 bytes)
