» wzsepe32.exe
Overview
Analysis
File Details

wzsepe32.exe

WinZip Self-Extractor

WinZip Computing, S.L.

The executable wzsepe32.exe, “WinZip Self-Extractor Executable” has been detected as malware by 36 anti-virus scanners. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download.

File name:

wzsepe32.exe

Publisher:

WinZip Computing, S.L.

Product:

WinZip Self-Extractor

Description:

WinZip Self-Extractor Executable

Version:

6.0

MD5:

88b40c3e9c2f468301b4e498ab1d6695

SHA-1:

502c8cfade1bfc1c15ace4971b0acd4693369048

SHA-256:

e3ef8de574a18c9bb54cb550011ae17ef42122dec534112cc2827f6364fb2f36

Scanner detections:

36 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/19/2024 6:27:32 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Sality.3

6210226

Agnitum Outpost

Win32.Sality.AP.Gen

7.1.1

AhnLab V3 Security

Win32/Kashu.E

2015.04.02

Avira AntiVirus

W32/Sality.AG

3.6.1.96

avast!

Win32:Kukacka

150319-1

AVG

Win32/Sality

2014.0.4311

Baidu Antivirus

Virus.Win32.Sality.$Emu

4.0.3.1541

Bitdefender

Win32.Sality.3

1.0.20.455

Bkav FE

W32.Sality.PE

1.3.0.6379

Comodo Security

Virus.Win32.Sality.gen

21613

Dr.Web

Win32.Sector.30

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

9.0.0.4799

ESET NOD32

Win32/Sality.NBA virus

7.0.302.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

5.13.68

G Data

Win32.Sality

15.4.25

IKARUS anti.virus

Virus.Win32.Sality

t3scan.1.8.9.0

K7 AntiVirus

Virus

13.202.15452

Kaspersky

Virus.Win32.Sality

15.0.0.543

McAfee

Virus.W32/Sality.gen.z

16.8.708.2

Microsoft Security Essentials

Threat.Undefined

1.195.1215.0

MicroWorld eScan

Win32.Sality.3

16.0.0.273

NANO AntiVirus

Virus.Win32.Sality.yusp

0.30.8.659

Norman

Win32.Sality.3

03.12.2014 13:20:04

nProtect

Virus/W32.Sality.D

15.04.01.01

Panda Antivirus

W32/Sality.AA

15.04.01.01

Quick Heal

W32.Sality.U

4.15.14.00

Rising Antivirus

PE:Win32.KUKU.kt!1591113

23.00.65.15330

Sophos

Mal/Sality-D

4.98

Total Defense

Win32/Sality.AA

37.0.11524

Trend Micro House Call

PE_SALITY.RL

7.2.91

Trend Micro

PE_SALITY.RL

10.465.01

Vba32 AntiVirus

Virus.Win32.Sality.bakb

3.12.26.3

VIPRE Antivirus

Threat.4721115

38882

ViRobot

Win32.Sality.Gen.A[h]

2014.3.20.0

Zillya! Antivirus

Virus.Sality.Win32.20

2.0.0.2123

File size:

448.9 KB (459,632 bytes)

Product version:

4.0 (11294)

Trademarks:

WinZip is a registered trademark of WinZip International LLC

Original file name:

WZSEPE32.EXE.MUI

File type:

Executable application (Win32 EXE)

Language:

French (France)

Common path:

C:\Program Files\winzip\wzsepe32.exe

File PE Metadata

Compilation timestamp:

10/21/2014 4:45:18 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

6144:QH2i+ZPa3XvXgQD5Ut2vUZau5n9iuQp2YhOvCxgOWjBSTbXrcLNYc7xLc0:QHT8kPg+5SnQp29vTOWj4TbXr4Yc7xB

Entry address:

0xCF87

Entry point:

60, 0F, AF, FE, F6, C0, 98, 89, D5, 69, D2, A2, AE, 63, 9D, 29, FA, C6, C0, 54, 8A, E5, 84, C4, 86, DE, 69, CD, 5B, 11, 76, 65, E8, 27, 00, 00, 00, F6, C7, 8C, 46, 8D, 15, 6D, 71, 86, 07, F2, 3A, C9, 84, E5, 14, 6C, 8D, 05, 6C, 09, 83, A2, 8B, FB, 8B, CD, FE, C4, C6, C0, C1, 8A, F4, 2B, DF, 80, E0, 4D, 83, E1, 00, EB, 02, FE, C0, 89, D6, C7, C2, 8E, A6, 08, 5D, 87, EA, 81, C1, 1E, 50, F4, FF, 4B, 0F, AF, F7, 81, C1, E3, AF, 0B, 00, 23, DA, 85, D2, 0F, AF, FD, 8B, C2, 84, F4, 8D, 2D, FF, FC, B3, 05, 8A, C6... 
[+]

Code size:

231.5 KB (237,056 bytes)

Remove wzsepe32.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.