ziggytv.exe

Soft App Prog

MP3 Support

The application ziggytv.exe, “Soft App Prog Setup” by MP3 Support, has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application built with the Inno Setup installer. It uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.ziggytv.com and multiple other hosts.
Publisher:
MP3 Support (signed and verified)

Product:
Soft App Prog

Description:
Soft App Prog Setup

MD5:
e1001beb1b710fce039b76d58ea5fca6

SHA-1:
b2d51621fdf0157151c29b9c69573a18970e2cc9

SHA-256:
af14446048076d8c18ec4635eef4db5f2dccfab1db86dc48fe9ea59fa62691a4

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/19/2024 7:36:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | | 7.11.200.132 |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.15113 |
| ESET NOD32 | Win32/InstallCore.TL (variant) | 9.10994 |
| Fortinet FortiGate | Riskware/InstallCore | 1/13/2015 |
| K7 AntiVirus | Unwanted-Program | 13.190.14602 |
| Qihoo 360 Security | Win32/Virus.Adware.94c | 1.0.0.1015 |
| Reason Heuristics | PUP.Installer.MP3Support.H | 15.1.13.12 |
| Sophos | Generic PUA LC | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0105 | 7.2.13 |

File size:
711.1 KB (728,120 bytes)

Product version:
5.2

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\programs\ziggytv.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/27/2013 1:00:00 AM

Valid to:
7/12/2015 12:59:59 AM

Subject:
CN=MP3 Support, OU=SECURE APPLICATION DEVELOPMENT, O=MP3 Support, L=Oshawa, S=Ontario, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
146C2E323177663B9DF87FFF1B9C31D8

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:eEFFayM/5OWlTFydNQ26Q5Ch/5oqW6xrd0LhYeZ5cnt42jop+rSzWYxm/U9Kl+gd:e2F65OWlEGQ5SoqW6XwhRYt4t+gHxm/P

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, BF, A9, FF, FF, E8, 5E, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)

The file ziggytv.exe has been seen being distributed by the following 2 URLs.
