PUP.WinZipper

Threat Scorecard

Popularity Rank: 3,948
Threat Level: 10 % (Normal)
Infected Computers: 168,909
First Seen: March 23, 2015
Last Seen: April 12, 2026
OS(es) Affected: Windows

Aliases

4 security vendors flagged this file as malicious.

Antivirus Vendor: Detection
McAfee: Artemis!FD4518DBC764
McAfee-GW-Edition: Artemis
AVG: Taishumu.511
Symantec: PUA.WinZipper

File System Details

PUP.WinZipper may create the following file(s):

Registry Details

PUP.WinZipper may create the following registry entry or registry entries:
CLSID
{4F622628-7632-4B28-B184-D7BA0CA3273B}
{DC638EEA-2BA2-4459-9C46-85A2F0BE6040}
SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinZipper
SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cab\OpenWithProgids\WinZipper.cab
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithProgids\WinZipper.zip
SOFTWARE\WinZiper
SOFTWARE\winzipersvc
SOFTWARE\Wow6432Node\WinZiper
SOFTWARE\Wow6432Node\winzipersvc
SYSTEM\ControlSet001\services\eventlog\Application\winzipersvc
SYSTEM\ControlSet001\services\winzipersvc
SYSTEM\ControlSet002\services\eventlog\Application\winzipersvc
SYSTEM\ControlSet002\services\winzipersvc
SYSTEM\CurrentControlSet\services\eventlog\Application\winzipersvc
SYSTEM\CurrentControlSet\services\winzipersvc

Directories

PUP.WinZipper may create the following directory or directories:

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\WinZipper
%ALLUSERSPROFILE%\Start Menu\Programs\WinZipper
%APPDATA%\WinZiper
%APPDATA%\WinZipper
%PROGRAMFILES%\WinZipper
%PROGRAMFILES(x86)%\WinZipper

Analysis Report

General information

Family Name: PUP.WinZipper
Signature status: Self Signed

Known Samples

MD5: f446dc2a3ade1cec27e74d565addc6ea
SHA1: a58657922d66e93cbce5de819c2f8b2881b0b022
SHA256: 4D501C124054FCB4AD67EC5479DA157C335EBDB0DF232918985AC8534F0E348A
File Size: 3.35 MB, 3354824 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Company Name: Taiwan Shui Mu Chih Ching Technology Limited.
File Description: TODO: <File description>
File Version: 1.5.68.8712
Internal Name: e7zInstaller.exe
Legal Copyright: Copyright (C) 2012
Original Filename: e7zInstaller.exe
Product Name: TODO: <Product name>
Product Version: 1.5.68.8712

Digital Signatures

Signer: Taiwan Shui Mu Chih Ching Technology Limited
Root: GlobalSign CodeSigning CA - G2
Status: Self Signed

Block Information

Total Blocks: 485
Potentially Malicious Blocks: 34
Whitelisted Blocks: 433
Unknown Blocks: 18

Files Modified

Registry Modifications

Key::Value Data API Name
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category: API
Process Manipulation Evasion: NtUnmapViewOfSection
Process Shell Execute: CreateProcess
Network Winsock2: WSAStartup

Shell Command Execution

C:\Users\Bckokzif\AppData\Local\Temp\WinZipper\eInstall\eInstall.exe "C:\Users\Bckokzif\AppData\Local\Temp\WinZipper\eInstall\eInstall.exe" "-oz"
