home

winzipper.exe

Yang Liu

The application winzipper.exe by Yang Liu has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Yang Liu  (signed and verified)

MD5:
84f267d6aa90f30ab9f9cac6e6fdd565

SHA-1:
6a706ad8e8131c26eabb4b5df7986947cc026548

SHA-256:
e97cacfa026ba2d4fe9a2519718d354982e0cad35f6c39a4a82755db064a4237

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
6/23/2025 9:02:00 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex.Winzipper (M)
16.10.30.17

File size:
1.3 MB (1,319,024 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\plejewardaredosp\winzipper.exe

Digital Signature
Signed by:
Yang Liu

Authority:
thawte, Inc.

Valid from:
7/25/2016 3:00:00 AM

Valid to:
11/26/2016 1:59:59 AM

Subject:
CN=Yang Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
40D26EC7F1B33A76890A370F0BAD59F2

File PE Metadata
Compilation timestamp:
7/26/2016 8:08:55 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
3072:VAH1LRkKnxpgabVOIiiFdcrO6SkYPbg/TsjbWzYqtHyjM5W55qqzNgw:Vi1dNj1hOINpkYP8MyYq+g

Entry address:
0x1099F

Entry point:
E8, A7, 04, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 99, BD, FF, FF, C7, 06, 38, 5B, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, 40, 5B, 42, 00, C7, 01, 38, 5B, 42, 00, C3, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 66, BD, FF, FF, C7, 06, 54, 5B, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, 83, 61, 04, 00, 8B, C1, 83, 61, 08, 00, C7, 41, 04, 5C, 5B, 42, 00, C7, 01, 54, 5B, 42, 00, C3, 55, 8B, EC, 83, EC, 0C, 8D, 4D, F4, E8, A7, FF, FF, FF, 68, 24...
 
[+]

Entropy:
1.4142

Code size:
140.5 KB (143,872 bytes)

Remove winzipper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.