winzipersvc.exe

update service

Taiwan Shui Mu Chih Ching Technology Limited

The application winzipersvc.exe by Taiwan Shui Mu Chih Ching Technology Limited has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “WinZiper service”. This file is typically installed with the program WinZipper by Taiwan Shui Mu Chih Ching Technology Limited, which is a potentially unwanted software program.
Publisher:
Taiwan Shui Mu Chih Ching Technology Limited.  (signed by Taiwan Shui Mu Chih Ching Technology Limited)

Product:
update service

Version:
1.1.6.7282

MD5:
ae797ebf417e69467b226872097e6100

SHA-1:
842aec907d72d3e27e54b3d67c5a5a0f4ca63dbd

SHA-256:
aabbe52b659fa19253b20c34476b5a5f03e671f11973e3426eb4c895f64029bf

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 5:21:43 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Thinknice.TaiwanShuiMuChihChingTechnology (M) | 16.1.18.13

File size:
414.2 KB (424,104 bytes)

Product version:
1.1.6.7282

Copyright:
Copyright (C) 2012

Original file name:
updateSvc.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\winzipper\winzipersvc.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/13/2013 1:15:13 AM

Valid to:
3/14/2014 1:15:13 AM

Subject:
CN=Taiwan Shui Mu Chih Ching Technology Limited, O=Taiwan Shui Mu Chih Ching Technology Limited, L=新北, S=台湾, C=TW

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121243D90C81CD8FEC70E99813154FB6459

File PE Metadata
Compilation timestamp:
5/23/2013 8:26:54 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:HyAgv8UwoqWyPAcO0F6aGVHLWJIameFC6Nb:IgElaGVHLWJqeFC6Nb

Entry address:
0x330E8

Entry point:
E8, 26, A2, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 83, 65, FC, 00, 56, 8D, 45, FC, 50, FF, 75, 0C, FF, 75, 08, E8, A2, A2, 00, 00, 8B, F0, 83, C4, 0C, 85, F6, 75, 18, 39, 45, FC, 74, 13, E8, 56, 41, 00, 00, 85, C0, 74, 0A, E8, 4D, 41, 00, 00, 8B, 4D, FC, 89, 08, 8B, C6, 5E, C9, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 37, DE, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 51, 51, A1, C0, D6, 45, 00, 33, C5, 89, 45, FC, 53, 56, 8B, F1, 33...

Entropy:
6.4253

Code size:
307 KB (314,368 bytes)

Service
Display name:
WinZiper service

Service name:
winzipersvc

Description:
WinZipper service

Type:
Win32OwnProcess

Group:
SchedulerGroup


The file winzipersvc.exe has been discovered within the following program.

WinZipper by Taiwan Shui Mu Chih Ching Technology Limited.
The free and trial versions bundle various potentially unwanted toolbars and web browser extensions, including the AVG Toolbar, which modifies the browser's search and home page settings.
www.winzipper.com
75% remove it
 
Powered by Should I Remove It?
