home

winzipersvc.exe

dsk service

Taiwan Shui Mu Chih Ching Technology Limited

The application winzipersvc.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 9 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “WinZiper service”. While running, it connects to the Internet address 8.81.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Taiwan Shui Mu Chih Ching Technology Limited.  (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:
dsk service

Version:
1.5.83.8755

MD5:
88aa346ac02a605ccdedfe5a60201f9d

SHA-1:
0147937d9077f226e60df191da2175a4ac9ee45e

SHA-256:
1810332fb0356c9faa7c9d9d351bd12f7fd8549ec9a2e2b967df27616bdc4b26

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
4/19/2024 12:46:22 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Generic
2014.12.25

AVG
Adware AdPlugin
2016.0.3228

Baidu Antivirus
Adware.Win32.Elex
4.0.3.15116

Dr.Web
Adware.Mutabaha.50
9.0.1.016

ESET NOD32
Win32/ELEX (variant)
9.11021

McAfee
Artemis!E3B0C3192B29
5600.6884

NANO AntiVirus
Riskware.Win32.D365.csnrev
0.28.6.63474

Reason Heuristics
PUP.Service.TaiwanShuiMuChihChingTechnologyLimited.L
15.1.16.8

Trend Micro House Call
Suspicious_GEN.F47V0112
7.2.16

File size:
414.7 KB (424,624 bytes)

Product version:
1.5.83.8755

Copyright:
Copyright (C) 2012

Original file name:
dsk service.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\winzipper\winzipersvc.exe

Digital Signature
Signed by:
Taiwan Shui Mu Chih Ching Technology Limited

Authority:
GlobalSign nv-sa

Valid from:
2/24/2014 11:15:36 AM

Valid to:
2/25/2015 11:15:36 AM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=New Taipei City, S=Taiwan, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121BCD23750153699E1F59ACE477A6DE070

File PE Metadata
Compilation timestamp:
1/12/2015 10:12:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:nmkCMetnlOkOGiyjIg7UgxPMYw+uZiGmNUWk673:jpykWZxPMYpuVmux6T

Entry address:
0x33018

Entry point:
E8, 16, A2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, 92, A2, 00, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, 4F, 41, 00, 00, 85, C0, 74, 0A, E8, 46, 41, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 37, DE, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 51, 51, A1, C0, D6, 45, 00, 33, C5, 89, 45, FC, 53, 56, 8B, F1, 33...
 
[+]

Entropy:
6.4219

Code size:
307 KB (314,368 bytes)

Service
Display name:
WinZiper service

Service name:
winzipersvc

Description:
WinZipper service

Type:
Win32OwnProcess

Group:
SchedulerGroup


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 8.81.6132.ip4.static.sl-reverse.com  (50.97.129.8:80)

Remove winzipersvc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.