» WzMsg.exe
Overview
Analysis
File Details

WzMsg.exe

WinZip

WinZip Computing, S.L.

The executable WzMsg.exe, “WinZip Message Display EXE” has been detected as malware by 35 anti-virus scanners. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download.

File name:

WzMsg.exe

Publisher:

WinZip Computing, S.L.

Product:

WinZip

Description:

WinZip Message Display EXE

Version:

2.1 (32-bit)

MD5:

3648a2bcb7ee885b49ec90d8490a52cf

SHA-1:

bfe6610003ca4ce6a1ffd1b087a66ae52edca724

SHA-256:

46f604f464728fc7c3d869aa37a4be46e906960dd3b71d0af40116305436039d

Scanner detections:

35 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/19/2024 12:25:48 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Sality.3

6210226

Agnitum Outpost

Win32.Sality.AP.Gen

7.1.1

AhnLab V3 Security

Win32/Kashu.E

2015.04.02

avast!

Win32:Kukacka

150319-0

AVG

Win.Threat.High

2014.0.4311

Baidu Antivirus

Virus.Win32.Sality.$Emu

4.0.3.1541

Bitdefender

Win32.Sality.3

1.0.20.455

Bkav FE

W32.Sality.PE

1.3.0.6379

Comodo Security

Virus.Win32.Sality.gen

21613

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

9.0.0.4799

ESET NOD32

Win32/Sality.NBA virus

7.0.302.0

F-Prot

W32/Virut.AI!Generic

4.6.5.141

F-Secure

Win32.Sality.3

11.2015-01-04_4

G Data

Win32.Sality

15.4.25

IKARUS anti.virus

Virus.Win32.Sality

t3scan.1.8.9.0

K7 AntiVirus

Virus

13.202.15452

Kaspersky

Virus.Win32.Sality

15.0.0.543

McAfee

Virus.W32/Sality.gen.z

16.8.708.2

Microsoft Security Essentials

Threat.Undefined

1.195.1215.0

MicroWorld eScan

Win32.Sality.3

16.0.0.273

NANO AntiVirus

Virus.Win32.Sality.yusp

0.30.8.659

Norman

Win32.Sality.3

03.12.2014 13:20:04

nProtect

Virus/W32.Sality.D

15.04.01.01

Panda Antivirus

W32/Sality.AA

15.04.01.01

Quick Heal

W32.Sality.U

4.15.14.00

Rising Antivirus

PE:Win32.KUKU.kt!1591113

23.00.65.15330

Sophos

Mal/Sality-D

4.98

Total Defense

Win32/Sality.AA

37.0.11524

Trend Micro House Call

PE_SALITY.RL

7.2.91

Trend Micro

PE_SALITY.RL

10.465.01

Vba32 AntiVirus

Virus.Win32.Sality.bakb

3.12.26.3

VIPRE Antivirus

Threat.4721115

38950

ViRobot

Win32.Sality.Gen.A[h]

2014.3.20.0

Zillya! Antivirus

Virus.Sality.Win32.20

2.0.0.2123

File size:

193.4 KB (198,000 bytes)

Product version:

19.0 (11294)

Trademarks:

WinZip is a registered trademark of WinZip International LLC

Original file name:

WzMsg.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\winzip\wzmsg.exe

File PE Metadata

Compilation timestamp:

10/21/2014 4:40:59 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:WwkZrkfHy+Lwkh8zbHRxpO1xtnYn/dOAmPOLCNTPpPXXU:wN+f8zzRxoQ8swpPXXU

Entry address:

0x17C8

Entry point:

60, 8D, 1D, 3B, 45, 70, 7C, F7, C6, 75, 6F, 57, ED, 0F, AF, C9, 2B, C2, C7, C3, 6B, 90, 34, CE, C7, C1, 70, 5E, B0, 1D, 69, D0, 4A, CC, 6D, 88, 8B, FA, 69, C0, F6, D1, 15, 16, FF, CA, 3D, BF, 1A, 78, 33, BA, C6, AB, F4, 81, 88, DE, 68, 7E, 27, 5E, 00, 51, C6, C5, 71, BE, C7, E6, F2, 45, 04, DD, E8, 00, 00, 00, 00, BA, F0, 89, 5C, 99, 87, DB, 01, E8, 0F, AF, C7, 8A, D6, 1A, F2, 0F, AF, D5, 4E, BF, 3B, A7, 1D, B0, FF, CE, 8D, 35, F1, 04, 04, B5, 87, F5, 6A, 00, 5F, 8B, EF, 33, F8, EB, 09, 8D, 2D, F6, 2E, A9... 
[+]

Code size:

37.5 KB (38,400 bytes)

Remove WzMsg.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.