winzipersvc.exe

dsk service

Taiwan Shui Mu Chih Ching Technology Limited

The application winzipersvc.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 15 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “WinZiper service”. This file is typically installed with the program WinZipper by Taiwan Shui Mu Chih Ching Technology Limited, which is a potentially unwanted software program. While running, it connects to the Internet address 8.81.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Taiwan Shui Mu Chih Ching Technology Limited.  (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:
dsk service

Version:
1.5.29.8409

MD5:
8f9d8732840c374d1c5eaf9e1645f4ac

SHA-1:
28b51176d6a6087c267c15ae8d32f98701f1e080

SHA-256:
c90b4c12cef8a703737a28e869cfb9afad69fa63350c1e2ef82b41cb0ab81209

Scanner detections:
15 / 68

Status:
Adware

Analysis date:
4/25/2024 1:24:51 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Trash.Gen | 7.11.30.172
Baidu Antivirus | Adware.Win32.ELEX | 4.0.3.14929
Bkav FE | W32.Clod5a9.Trojan | 1.3.0.4562
Boost by Reason | Optional.Service.TaiwanShuiMuChihChingTechnologyLimited.L | 188861
Comodo Security | ApplicUnwnt | 17279
Dr.Web | Adware.Mutabaha.50 | 9.0.1.0272
ESET NOD32 | Win32/ELEX (variant) | 8.9528
IKARUS anti.virus | not-a-virus:AdWare.Win32.D365 | t3scan.2.0.127
Kaspersky | not-a-virus:AdWare.Win32.D365 | 14.0.0.3176
NANO AntiVirus | Riskware.Win32.D365.csnrev | 0.28.0.59608
Quick Heal | Trojan.Agent.gen | 9.14.12.00
Reason Heuristics | PUP.Service.TaiwanShuiMuChihChingTechnologyLimited.L | 14.4.8.23
SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 10330
Trend Micro House Call | TROJ_GEN.F47V0326 | 7.2.272
Vba32 AntiVirus | AdWare.D365 | 3.12.24.3

File size:
415.1 KB (425,104 bytes)

Product version:
1.5.29.8409

Copyright:
Copyright (C) 2012

Original file name:
dsk service.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winzipper\winzipersvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/13/2013 8:15:13 AM

Valid to:
3/14/2014 8:15:13 AM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=新北, S=台湾, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121243D90C81CD8FEC70E99813154FB6459

File PE Metadata
Compilation timestamp:
2/26/2014 8:49:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:zgu6zGgkiAT18mpwwmuPUV3OKpoK/U29nIFJ/:z8mpwuPUV3jprU29neJ/

Entry address:
0x333F8

Entry point:
E8, 16, A2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, 92, A2, 00, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, 52, 41, 00, 00, 85, C0, 74, 0A, E8, 49, 41, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 37, DE, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 51, 51, A1, C0, D6, 45, 00, 33, C5, 89, 45, FC, 53, 56, 8B, F1, 33...
 

Code size:
308 KB (315,392 bytes)

Service
Display name:
WinZiper service

Service name:
winzipersvc

Description:
WinZipper service

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file winzipersvc.exe has been discovered within the following program.

WinZipper by Taiwan Shui Mu Chih Ching Technology Limited.
The free and trial versions bundle various potentially unwanted toolbars and web browser extensions, including the AVG Toolbar, which modifies the browser's search and home page settings.
www.winzipper.com
75% remove it
 

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 8.81.6132.ip4.static.sl-reverse.com  (50.97.129.8:80)
