zvprt5.exe

Microsoft Windows 2000 Operating System

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; the file is designed to look like a legitimate Microsoft system file. The executable zvprt5.exe, “Win32 Cabinet Self-Extractor”, has been detected as malware by 10 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from support.mercurynetwork.com and multiple other hosts.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft(R) Windows (R) 2000 Operating System

Description:
Win32 Cabinet Self-Extractor

Version:
5.00.2920.0000

MD5:
4392c6c30aa22c4574349f5ac5f01d44

SHA-1:
7968006c48899a1dd6d97145f5af21b05e1dd1e0

SHA-256:
a0a9a59e62f862d95697eb089b3908e4edfd40fb560c75ba8319fe023fe4fab0

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
5/19/2024 6:26:39 PM UTC

Scan engine             Detection                  Engine version
Lavasoft Ad-Aware       Trojan.Generic.11312867    928
Bitdefender             Trojan.Generic.11312867    1.0.20.1015
Emsisoft Anti-Malware   Trojan.Generic.11312867    8.14.07.22.11
F-Secure                Trojan.Generic.11312867    11.2014-22-07_3
G Data                  Trojan.Generic.11312867    14.7.24
IKARUS anti.virus       Trojan.Win32.Agent         t3scan.1.6.1.0
MicroWorld eScan        Trojan.Generic.11312867    15.0.0.609
nProtect                Trojan.Generic.11312867    14.07.20.01
Qihoo 360 Security      Win32/Trojan.256           1.0.0.1015
VIPRE Antivirus         Trojan.Win32.Generic       31444

File size:
6.5 MB (6,850,832 bytes)

Product version:
5.00.2920.0000

Copyright:
Copyright (C) Microsoft Corp. 1981-1999

Original file name:
WEXTRACT.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\zvprt5.exe

File PE Metadata
Compilation timestamp:
9/25/1999 8:18:31 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
98304:YcHvi7gxSduzcfIOd7EqnN7vdr8Cu9MqIBmzRJpAUKDJnX2aDQTR4e/Dj+xkaI0q:Y7VduEfdNnFB8Cu9VIEzRz2RfDMxIH

Entry address:
0x283D

Entry point:
55, 8B, EC, 83, EC, 44, 56, FF, 15, DC, 10, 00, 01, 8B, F0, 8A, 06, 3C, 22, 75, 14, 8A, 46, 01, 46, 84, C0, 74, 04, 3C, 22, 75, F4, 80, 3E, 22, 75, 0D, 46, EB, 0A, 3C, 20, 7E, 06, 46, 80, 3E, 20, 7F, FA, 8A, 06, 84, C0, 74, 07, 3C, 20, 7F, 03, 46, EB, F3, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, D8, 10, 00, 01, F6, 45, E8, 01, 74, 06, 0F, B7, 45, EC, EB, 03, 6A, 0A, 58, 50, 56, 6A, 00, 6A, 00, FF, 15, 60, 11, 00, 01, 50, E8, 0E, 00, 00, 00, 8B, F0, 56, FF, 15, D0, 10, 00, 01, 8B, C6, 5E, C9, C3, 56, 33, F6...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
33.5 KB (34,304 bytes)

The file zvprt5.exe has been seen being distributed by the following 2 URLs.
