pepperzip.exe

The application pepperzip.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address ns1.ibspark.com on port 80 using the HTTP protocol.
Version:
1.0.0.0

MD5:
ef963f29141919e94d1adf8efd036389

SHA-1:
2763f4c49b512d6896c594597ac03fea2031c453

SHA-256:
5ff3a79e3afe65f69cff774b02f28273557a1b5d2a14acf6e3aea63e4089a369

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
10/17/2018 11:13:54 AM UTC

Scan engine         Detection              Engine version
Avira AntiVirus     TR/Crypt.XPACK.Gen3    7.11.30.172
Reason Heuristics   PUP.AlimenMainSL       16.10.10.20

File size:
8.4 MB (8,858,112 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pepperzip\pepperzip.exe

File PE Metadata
Compilation timestamp:
12/25/2014 12:52:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.0

CTPH (ssdeep):
49152:41GOl4vC6nU6NkSV7If2AnPedzRwSzBK4jjCmTsts1BZqqrCjunqqrSzqqrSZmqE:3Q4q4UrQKQbxPWjuI4ZcLU+poN4N

Entry address:
0x2448

Entry point:
EB, 10, 66, 62, 3A, 43, 2B, 2B, 48, 4F, 4F, 4B, 90, E9, AC, 90, 74, 00, A1, 9F, 90, 74, 00, C1, E0, 02, A3, A3, 90, 74, 00, 52, 6A, 00, E8, FB, 50, 34, 00, 8B, D0, E8, 06, 09, 32, 00, 5A, E8, 28, 08, 32, 00, E8, 57, 0A, 32, 00, 6A, 00, E8, FC, CD, 32, 00, 59, 68, 48, 90, 74, 00, 6A, 00, E8, D5, 50, 34, 00, A3, A7, 90, 74, 00, 6A, 00, E9, 0F, BC, 32, 00, E9, 2E, CE, 32, 00, 33, C0, A0, 91, 90, 74, 00, C3, A1, A7, 90, 74, 00, C3, 60, BB, 00, 50, B0, BC, 53, 68, AD, 0B, 00, 00, C3, B9, F4, 00, 00, 00, 0B, C9...

Code size:
3.3 MB (3,440,640 bytes)

The executing file has been seen to make the following network communications in live environments.

