» winzipper.exe
Overview
Analysis
File Details

winzipper.exe

Yang Liu

The application winzipper.exe by Yang Liu has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

winzipper.exe

Publisher:

Yang Liu (signed and verified)

MD5:

19336fb7c150d1b06ecf712cba134438

SHA-1:

72d311334f4fa1317623e3aae1ffdee284fb2164

SHA-256:

82735ec87d2405d18dcd2cc0ec21b93b628486121015d789c24be60dbc24b8da

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

5/8/2024 5:13:05 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Elex.Winzipper (M)

16.9.4.9

File size:

233 KB (238,583 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\crecult\winzipper.exe

Digital Signature

Signed by:

Yang Liu

Authority:

thawte, Inc.

Valid from:

8/22/2016 6:00:00 AM

Valid to:

11/26/2016 5:59:59 AM

Subject:

CN=Yang Liu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

52ADD28CB74EF9131F283E63CF534923

File PE Metadata

Compilation timestamp:

8/23/2016 9:43:06 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:rnRw/wjVTy5RBwkK0I5dNBV+UdvrEFp7hKgVDQU2lQ:rRw/wjVT2KkK0ITNBjvrEH7TVDQUoQ

Entry address:

0x10688

Entry point:

E9, 8F, 42, FF, FF, E9, 7F, FE, FF, FF, 83, 25, B4, 82, 42, 00, 00, C3, 55, 8B, EC, A1, 40, 82, 42, 00, 33, 05, 40, 50, 42, 00, 74, 07, FF, 75, 08, FF, D0, 5D, C3, 5D, FF, 25, 08, D1, 41, 00, 55, 8B, EC, A1, 44, 82, 42, 00, 33, 05, 40, 50, 42, 00, FF, 75, 08, 74, 04, FF, D0, 5D, C3, FF, 15, 14, D1, 41, 00, 5D, C3, 55, 8B, EC, A1, 48, 82, 42, 00, 33, 05, 40, 50, 42, 00, FF, 75, 08, 74, 04, FF, D0, 5D, C3, FF, 15, 0C, D1, 41, 00, 5D, C3, 55, 8B, EC, A1, 4C, 82, 42, 00, 33, 05, 40, 50, 42, 00, FF, 75, 0C, FF... 
[+]

Entropy:

7.0267

Packer / compiler:

tElock 0.99 - 1.0 private

Code size:

109.5 KB (112,128 bytes)

Remove winzipper.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.