» pepperzip.exe
Overview
Analysis
File Details
Network (14)

pepperzip.exe

The application pepperzip.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address ns1.ibspark.com on port 80 using the HTTP protocol.

File name:

pepperzip.exe

Version:

1.0.0.0

MD5:

ef963f29141919e94d1adf8efd036389

SHA-1:

2763f4c49b512d6896c594597ac03fea2031c453

SHA-256:

5ff3a79e3afe65f69cff774b02f28273557a1b5d2a14acf6e3aea63e4089a369

Scanner detections:

2 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 11:11:23 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Crypt.XPACK.Gen3

7.11.30.172

Reason Heuristics

PUP.AlimenMainSL

16.10.10.20

File size:

8.4 MB (8,858,112 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\pepperzip\pepperzip.exe

File PE Metadata

Compilation timestamp:

12/25/2014 12:52:23 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

5.0

CTPH (ssdeep):

49152:41GOl4vC6nU6NkSV7If2AnPedzRwSzBK4jjCmTsts1BZqqrCjunqqrSzqqrSZmqE:3Q4q4UrQKQbxPWjuI4ZcLU+poN4N

Entry address:

0x2448

Entry point:

EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, 90, 74, 00, A1, 9F, 90, 74, 00, C1, E0, 02, A3, A3, 90, 74, 00, 52, 6A, 00, E8, FB, 50, 34, 00, 8B, D0, E8, 06, 09, 32, 00, 5A, E8, 28, 08, 32, 00, E8, 57, 0A, 32, 00, 6A, 00, E8, FC, CD, 32, 00, 59, 68, 48, 90, 74, 00, 6A, 00, E8, D5, 50, 34, 00, A3, A7, 90, 74, 00, 6A, 00, E9, 0F, BC, 32, 00, E9, 2E, CE, 32, 00, 33, C0, A0, 91, 90, 74, 00, C3, A1, A7, 90, 74, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, F4, 00, 00, 00, 0B, C9... 
[+]

Code size:

3.3 MB (3,440,640 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-230-206-161.atl50.r.cloudfront.net (54.230.206.161:80)

TCP (HTTP):

Connects to ns1.ibspark.com (54.72.130.67:80)

TCP (HTTP):

Connects to server-52-84-145-58.yto50.r.cloudfront.net (52.84.145.58:80)

TCP (HTTP):

Connects to server-54-230-187-24.cdg51.r.cloudfront.net (54.230.187.24:80)

TCP (HTTP):

Connects to server-54-230-11-60.lhr3.r.cloudfront.net (54.230.11.60:80)

TCP (HTTP):

Connects to server-52-84-63-41.ord51.r.cloudfront.net (52.84.63.41:80)

TCP (HTTP):

Connects to server-52-84-63-125.ord51.r.cloudfront.net (52.84.63.125:80)

TCP (HTTP):

Connects to server-54-230-206-90.atl50.r.cloudfront.net (54.230.206.90:80)

TCP (HTTP):

Connects to server-54-230-187-30.cdg51.r.cloudfront.net (54.230.187.30:80)

TCP (HTTP):

Connects to server-52-84-141-68.yto50.r.cloudfront.net (52.84.141.68:80)

TCP (HTTP):

Connects to map2.hwcdn.net (205.185.216.42:80)

TCP (HTTP):

Connects to a72-246-56-57.deploy.akamaitechnologies.com (72.246.56.57:80)

TCP (HTTP):

Connects to 88.255.178.107.bc.googleusercontent.com (107.178.255.88:80)

TCP (HTTP):

Connects to 189.152.251.23.bc.googleusercontent.com (23.251.152.189:80)

Remove pepperzip.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.