» winzipper.exe
Overview
Analysis
File Details

winzipper.exe

Yang Liu

The application winzipper.exe by Yang Liu has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

winzipper.exe

Publisher:

Yang Liu (signed and verified)

MD5:

d7cc9d19e7180037747e27322322f0c4

SHA-1:

1960d48b31f55295a5bfe2d700e457e693a3499f

SHA-256:

7d2f872daf61eee0ea167b78c83c0d61f6eb0c185709c844a39ae189a5f851c0

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/8/2024 6:03:05 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Elex.Winzipper (M)

16.10.8.4

File size:

156.5 KB (160,304 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\_sspm\winzipper.exe

Digital Signature

Signed by:

Yang Liu

Authority:

thawte, Inc.

Valid from:

8/22/2016 1:00:00 AM

Valid to:

11/26/2016 12:59:59 AM

Subject:

CN=Yang Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

52ADD28CB74EF9131F283E63CF534923

File PE Metadata

Compilation timestamp:

8/23/2016 4:43:06 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:SmC7RijRw/3eZj3TpPryWgRlHwkK0MNWNK+IlLdl5:bRw/wjVTy5RJwkK0I5df

Entry address:

0x10688

Entry point:

E8, 28, 60, 00, 00, E9, 7F, FE, FF, FF, 83, 25, B4, 82, 42, 00, 00, C3, 55, 8B, EC, A1, 40, 82, 42, 00, 33, 05, 40, 50, 42, 00, 74, 07, FF, 75, 08, FF, D0, 5D, C3, 5D, FF, 25, 08, D1, 41, 00, 55, 8B, EC, A1, 44, 82, 42, 00, 33, 05, 40, 50, 42, 00, FF, 75, 08, 74, 04, FF, D0, 5D, C3, FF, 15, 14, D1, 41, 00, 5D, C3, 55, 8B, EC, A1, 48, 82, 42, 00, 33, 05, 40, 50, 42, 00, FF, 75, 08, 74, 04, FF, D0, 5D, C3, FF, 15, 0C, D1, 41, 00, 5D, C3, 55, 8B, EC, A1, 4C, 82, 42, 00, 33, 05, 40, 50, 42, 00, FF, 75, 0C, FF... 
[+]

Code size:

109.5 KB (112,128 bytes)

Remove winzipper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.