» winzipper.exe
Overview
Analysis
File Details

winzipper.exe

Yang Liu

The application winzipper.exe by Yang Liu has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

winzipper.exe

Publisher:

Yang Liu (signed and verified)

MD5:

c2b920eb615b94ce85b249be5caf891e

SHA-1:

1d8c00bb0b051d18f55f4f1e44212dd56cc39d05

SHA-256:

7bfb4f15c7b2cecbeb52ff6033447cf5ba57ea2449bb3975ae0aebe4deef7b18

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/16/2024 6:59:51 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Elex.Winzipper (M)

16.8.19.12

File size:

186.1 KB (190,576 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\hohobnd\winzipper.exe

Digital Signature

Signed by:

Yang Liu

Authority:

thawte, Inc.

Valid from:

8/8/2016 2:00:00 AM

Valid to:

11/26/2016 1:59:59 AM

Subject:

CN=Yang Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

0314A127EC4A34964B85BE1A235DBEFF

File PE Metadata

Compilation timestamp:

8/10/2016 5:02:16 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

3072:Pvu/vW9Y7jk0HZIcFFoJeL4AoOjLWWqN3pkiN+FuGTO2YprE76b4TgoHXroF9:PG/voWI4FoJndOjLW1WiNwZ7W

Entry address:

0xFD1F

Entry point:

E8, 57, 04, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 09, CD, FF, FF, C7, 06, 38, 4B, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, 40, 4B, 42, 00, C7, 01, 38, 4B, 42, 00, C3, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, D6, CC, FF, FF, C7, 06, 54, 4B, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, 5C, 4B, 42, 00, C7, 01, 54, 4B, 42, 00, C3, CC, 8D, 41, 04, C7, 01, A0, 44, 42, 00, 50, E8, 5C, 17, 00, 00... 
[+]

Entropy:

6.4092

Code size:

137 KB (140,288 bytes)

Remove winzipper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.