Zippy Zarp

Publisher Information

Zippy Zarp is a brand of the Sambreel/Yontoo group, a web advertising company located in Carlsbad, CA. The company is a primary distributor of unwanted software. It is part of the Yontoo/Sambreel group and distributes web browser add-ons, typically potentially unwanted and adware in nature, that are designed to modify a user's typical search beahvior as well as display context and popup advertising. There is one additional code signing certificate issued to this publisher.
Authority:
VeriSign, Inc.

Valid from:
11/27/2013 7:00:00 AM

Valid to:
11/28/2014 6:59:59 AM

Subject:
CN=Zippy Zarp, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Zippy Zarp, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1add2a8f1e9efbecf78ebf3b3c82b38e

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
Threat.Yontoo.Installer, Threat.Yontoo.ZippyZarp, PUP.Yontoo.ZippyZarp (M)
100.00%

VIPRE Antivirus
Yontoo, Trojan.Win32.Generic
21.43%

AVG
BrowseFox.F, Webet, Generic
21.43%

McAfee
Artemis!4EBC699D55C1, Artemis!2EFBEE200F8A
14.29%

NANO AntiVirus
Riskware.Win32.Agent.crkvek, Riskware.Win32.Yotoon.ddghtt
14.29%

Sophos
Generic PUA MF, BrowseSmart
14.29%

Dr.Web
Trojan.BPlug.17, Trojan.BPlug.123
14.29%

McAfee Web Gateway
Artemis!4EBC699D55C1, Artemis!2EFBEE200F8A
14.29%

Jiangmin
Adware/Agent.jgs, AdWare/Yotoon.l
14.29%

G Data
Win32.Application.BrowseFox, Adware.SwiftBrowse
14.29%

1 / 68      (Adware)
{f8290414-c8ea-4713-a233-52a7037a2967}w.sys (StdLib)  (cdc949287b042be70572a3fe4b9b8ca5)

1 / 68      (Adware)
{aa272ca4-ff43-4a24-aa1b-3ef0b8176c6b}w.sys (StdLib)  (8e019a3c558a44d804dfd7605c5f6310)

1 / 68      (Adware)
{f8290414-c8ea-4713-a233-52a7037a2967}w.sys (StdLib)  (10492abe301f9bdcf4ac28f1ecb4bc37)

1 / 68      (Adware)
{f8290414-c8ea-4713-a233-52a7037a2967}gw.sys (StdLib)  (a1152ba792d7c60122ee2153cd55d2b6)

1 / 68      (Adware)
{e3cbfbcd-1fd1-4a86-a885-ca5956bd7f64}w.sys (StdLib)  (276e87f92c8ab717b0dbb4bbefdaf50a)

1 / 68      (Adware)
{d3f780ef-6d29-4d1e-951e-4acc8c4324bd}w.sys (StdLib)  (eaa0ba82a6f02f7ce762d1df0eb84124)

1 / 68      (Adware)
{bb7064e0-2944-4960-9e11-240bc8d64120}w.sys (StdLib)  (d3758cd9b295dba2864d9b4f8ceb70d4)

1 / 68      (Adware)
{aa272ca4-ff43-4a24-aa1b-3ef0b8176c6b}w.sys (StdLib)  (9bef2114865a2b841d3affbbf6841172)

1 / 68      (Adware)
{211eb70b-5f6d-4b7f-aa62-8eb4fa0c9cc3}w.sys (StdLib)  (1be5a2ef120bc0f93b12bf823394b63b)

1 / 68      (Adware)
{f8290414-c8ea-4713-a233-52a7037a2967}gt.sys (StdLib)  (09ee9f4d7ccd90a33bd24d64dc6b654c)

2 / 68      (Adware)
{f8290414-c8ea-4713-a233-52a7037a2967}w.sys (StdLib)  (e103f88996630f5236b7906ead3b406b)

12 / 68    (Adware)
{f8290414-c8ea-4713-a233-52a7037a2967}gw.sys (StdLib)  (67dfc9c44cdcb4bf6c43d8bfc10a5182)

15 / 68    (Adware)
{f8290414-c8ea-4713-a233-52a7037a2967}gw64.sys (StdLib)  (ca9692f66827317c52a2007f4adf4d59)

21 / 68    (Adware)
setup.exe  (4ebc699d55c1c71a64c869e6e520a914)

The following certificate is also signed by Zippy Zarp.

0086A8DE7518EF1F875755BE3EFEDF45  (Nov 03, 2014 to Jan 03, 2016)

The following publishers (by Authenticode signature organization name) are related.

* Note, the details and description above are based on the code signing digital signature issued to Zippy Zarp by VeriSign, Inc. on November 27, 2013 with the serial number '1add2a8f1e9efbecf78ebf3b3c82b38e'.