» winzipper.exe
Overview
Analysis
File Details

winzipper.exe

Yang Liu

The application winzipper.exe by Yang Liu has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

winzipper.exe

Publisher:

Yang Liu (signed and verified)

MD5:

c38149dadd0346046fa36b2a4235223a

SHA-1:

2fb6ead4bfd9ecd586cb3fb292fde2eaee5622c8

SHA-256:

eb85a0e6f183a90cc9cdebd3a51061514546b3f4eccc6932cd64f978c59c7193

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/16/2024 6:57:18 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Elex.Winzipper (M)

16.8.19.12

File size:

262.6 KB (268,855 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\dbphanihty\winzipper.exe

Digital Signature

Signed by:

Yang Liu

Authority:

thawte, Inc.

Valid from:

8/8/2016 6:00:00 AM

Valid to:

11/26/2016 5:59:59 AM

Subject:

CN=Yang Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

0314A127EC4A34964B85BE1A235DBEFF

File PE Metadata

Compilation timestamp:

8/10/2016 9:02:16 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

6144:PG/voWI4FoJnnZfjLW1WiNwZ7QBV+UdvrEFp7hKade:Pq9IE2n5PW8MBjvrEH7fA

Entry address:

0xFD1F

Entry point:

E9, 78, ED, FF, FF, E9, 80, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 09, CD, FF, FF, C7, 06, 38, 4B, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, 40, 4B, 42, 00, C7, 01, 38, 4B, 42, 00, C3, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, D6, CC, FF, FF, C7, 06, 54, 4B, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, 5C, 4B, 42, 00, C7, 01, 54, 4B, 42, 00, C3, CC, 8D, 41, 04, C7, 01, A0, 44, 42, 00, 50, E8, 5C, 17, 00, 00... 
[+]

Entropy:

7.0417

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

137 KB (140,288 bytes)

Remove winzipper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.