3 engines detected this file

SHA-256: e37e929a9f2c111dd6b3c4f95e31702cb968c94f84add8f3cf52800e2706a38c
File name: wzdu32.exe
File size: 4.53 MB
Last analysis: 2017-11-21 06:34:36 UTC
Community score: -11

Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9856
Bkav: W32.HfsAdware.EF70
DrWeb: Program.Unwanted.1340
Ad-Aware: Clean
AegisLab: Clean
AhnLab-V3: Clean
ALYac: Clean
Antiy-AVL: Clean
Arcabit: Clean
Avast: Clean
Avast Mobile Security: Clean
AVG: Clean
Avira: Clean
AVware: Clean
BitDefender: Clean
CAT-QuickHeal: Clean
ClamAV: Clean
CMC: Clean
Comodo: Clean
CrowdStrike Falcon: Clean
Cybereason: Clean
Cylance: Clean
Cyren: Clean
eGambit: Clean
Emsisoft: Clean
Endgame: Clean
eScan: Clean
ESET-NOD32: Clean
F-Prot: Clean
F-Secure: Clean
Fortinet: Clean
GData: Clean
Ikarus: Clean
Jiangmin: Clean
K7AntiVirus: Clean
K7GW: Clean
Kaspersky: Clean
Kingsoft: Clean
Malwarebytes: Clean
MAX: Clean
McAfee: Clean
McAfee-GW-Edition: Clean
Microsoft: Clean
NANO-Antivirus: Clean
nProtect: Clean
Palo Alto Networks: Clean
Panda: Clean
Qihoo-360: Clean
Rising: Clean
SentinelOne: Clean
Sophos AV: Clean
Sophos ML: Clean
SUPERAntiSpyware: Clean
Symantec: Clean
Tencent: Clean
TheHacker: Clean
TotalDefense: Clean
TrendMicro: Clean
TrendMicro-HouseCall: Clean
VBA32: Clean
VIPRE: Clean
ViRobot: Clean
Webroot: Clean
WhiteArmor: Clean
Yandex: Clean
Zillya: Clean
ZoneAlarm: Clean
Zoner: Clean
Alibaba: Unable to process file type
Symantec Mobile Insight: Unable to process file type
Trustlook: Unable to process file type

Basic Properties

MD5: c88ff17d0af4a0bad05f5a578adb7f22
SHA-1: 588b4f6b5ec082c3ed4f87e59767747c30191695
Authentihash: e9d92f6f3e16666e73a15bd1961cd777dacdb92a474e82a18fabe32166c5cf62
Imphash: bf95d1fc1d10de18b32654b123ad5e1f
File Type: Win32 EXE
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
SSDeep: 98304:r2Zw+jpDMSgZw+jpDMvibOEmjqKN3X1fxBSjsGdXAnPY9R7j4:rww+9POw+9qayq23FfxBOsGiA9RI
TRiD: Win32 Executable MS Visual C++ (generic) (42.2%); Win64 Executable (generic) (37.3%); Win32 Dynamic Link Library (generic) (8.8%); Win32 Executable (generic) (6%); Generic Win/DOS Executable (2.7%)
File Size: 4.53 MB

Tags

nsis, peexe, signed, overlay

History

Creation Time: 2010-04-10 12:19:38
First Seen In The Wild: 2010-04-10 12:19:38
First Submission: 2015-12-10 20:57:41
Last Submission: 2017-08-07 10:55:55
Last Analysis: 2017-11-21 06:34:36

File names

  • wzdu32.exe
  • wzdu32 (1).exe
  • 26_08#T21#43615
  • lcfu6226ycbmh3kpq7szoz3upqybsfuv.exe
  • sample ._DONTEXECUTE
  • 782297
  • wzdu32 - Winzip Driver Updater.exe
  • WinZip Driver Utility.exe
  • 2016-02-08.56a9c0f7e9fbfa0afde220ff.wzdu32.exe
  • wzdu32[1].exe

Packers

F-PROT: NSIS, appended, UTF-8, Unicode

Signature Info

Signature Verification

A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

File Version Information

Copyright: Copyright (c) 2014 VAPC (Lux) S.a.r.L. All Rights Reserved.
Product: WinZip Driver Updater
Description: WinZip Driver Updater
File Version: 5.3.2.54

Signers

  • WinZip Computing LLC
  • GlobalSign CodeSigning CA - SHA256 - G2
  • GlobalSign

Portable Executable Info

Header

Target Machine: Intel 386 or later processors and compatible processors
Compilation Timestamp: 2010-04-10 12:19:38
Entry Point: 13333
Contained Sections: 5

Sections

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 26396 | 26624 | 6.5 | cb807804553819b70f6e16b8a094d327 |
| .rdata | 32768 | 6614 | 6656 | 5.03 | 161b329b4c70ce4fbd9c1143e738896b |
| .data | 40960 | 463772 | 512 | 1.74 | 140876ba314e7bc36379ee5c6db80876 |
| .ndata | 507904 | 544768 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
| .rsrc | 1052672 | 373104 | 373248 | 5.25 | 8800d6279527676d9bb3964ab2cd292b |

Imports

  • ADVAPI32.dll
  • COMCTL32.dll
  • GDI32.dll
  • KERNEL32.dll
  • SHELL32.dll
  • USER32.dll
  • VERSION.dll
  • ole32.dll

Contained Resources By Type

RT ICON: 6
RT DIALOG: 3
RT VERSION: 1
RT MANIFEST: 1
RT GROUP ICON: 1

Contained Resources By Language

ENGLISH US: 11
NEUTRAL: 1

Contained Resources

| SHA-256 | File Type | Type | Language |
|---|---|---|---|
| 04ac4a9bfe5f722e1939b1977c92c1f3231fe09294f88f5171e5d1545064f9b7 | data | RT_ICON | ENGLISH US |
| 3d309d24d08ec9f79e4dd9507fa5386202c17759c47ec853cda89d4a21392caa | data | RT_ICON | ENGLISH US |
| 3722ecd370ee441bb343a00bbec8577646c50d374cf41f59b3c8f6b4876b615e | data | RT_ICON | ENGLISH US |
| 90efe9c85a163c77163113432e0b80344255fa20d9c07f9c8ca4157bd85faaf4 | data | RT_ICON | ENGLISH US |
| 7faff33194212359f0de198c07b2755df73e3a771427d736db85d4183386d852 | data | RT_ICON | ENGLISH US |

ExifTool File Metadata

CharacterSet: Unicode
CodeSize: 26624
CompanyName: WinZip
EntryPoint: 0x3415
FileDescription: WinZip Driver Updater
FileFlagsMask: 0x0000
FileOS: Win32
FileSubtype: 0
FileType: Win32 EXE
FileTypeExtension: exe
FileVersion: 5.3.2.54
FileVersionNumber: 5.3.2.54
ImageVersion: 6.0
InitializedDataSize: 475136
LanguageCode: Neutral
LegalCopyright: Copyright (c) 2014 VAPC (Lux) S.a.r.L. All Rights Reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
ObjectFileType: Executable application
PEType: PE32
ProductName: WinZip Driver Updater
ProductVersion: 5.3.2.54
ProductVersionNumber: 5.3.2.54
Subsystem: Windows GUI
SubsystemVersion: 5.0
TimeStamp: 2010:04:10 13:19:38+01:00
UninitializedDataSize: 16896

Compressed Parents

| Date scanned | Detections | File type | Name |
|---|---|---|---|
| 2016-03-26 | 2/57 | ZIP | wzdu32.zip |
| 2016-02-08 | 39/53 | ZIP | Neuer Ordner.zip |
| 2017-07-22 | 3/60 | ZIP | f3258322b04be6a323a3a4daf18490cd888820eec8b415c939b9aace038faedc.file |

Network Communication

HTTP requests

  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
  • http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/D69B561148F01C77C54578C10926DF5B856976AD.crt
  • http://crl.globalsign.net/root-r3.crl
  • http://crl.globalsign.com/gs/gscodesignsha2g2.crl
  • http://updaterv.winzip.com/update
  • http://dynamic-utils.reviversoft.com/api/url/update?version=5.3.2.54&product=DU
  • http://drtools-v2.reviversoft.com/service/refreshdriver

DNS Resolutions

  • www.download.windowsupdate.com
  • crl.globalsign.net
  • crl.globalsign.com
  • updaterv.winzip.com
  • dynamic-utils.reviversoft.com
  • drtools-v2.reviversoft.com

TCP Communication

  • 13.107.4.50:80
  • 198.41.214.163:80
  • 198.41.214.187:80
  • 107.23.38.113:80
  • 191.239.212.128:80
  • 54.174.158.81:80

Votes

Safe: 0
Unsafe: 11

Voting details

anonymous 2016-04-28 08:34:29 -1
anonymous 2016-03-14 19:38:15 -1
anonymous 2016-02-20 19:48:17 -1
anonymous 2016-02-10 14:50:15 -1
anonymous 2016-02-06 19:11:44 -1
anonymous 2016-01-05 19:00:25 -1
anonymous 2016-01-02 15:06:13 -1
anonymous 2015-12-28 00:29:47 -1
trappmanr 2015-12-27 19:16:03 -1
anonymous 2015-12-21 11:51:59 -1

Comments

No comments
