home

ziggytv.exe

ZiggyTV

SCCE Development Inc

The application ziggytv.exe, “ZiggyTV Setup Program” by SCCE Development Inc has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from www.ziggytv.com.
Publisher:
MP3Rocket  (signed by SCCE Development Inc)

Product:
ZiggyTV

Description:
ZiggyTV Setup Program

Version:
5.1.2

MD5:
4609abfaf0ec3e4aae223f7f76a29f00

SHA-1:
f9f166e28d4af4ac45382ae2ced23faeb3322440

SHA-256:
61ae6f9c0744155ceb5f4fa6887240d5e08ea130c1d83bb03852a812ce310e2f

Scanner detections:
6 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/25/2024 12:39:06 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.151228

ESET NOD32
Win32/OpenCandy.A potentially unsafe (variant)
9.12522

Fortinet FortiGate
Riskware/OpenCandy
12/28/2015

K7 AntiVirus
Unwanted-Program
13.212.17765

McAfee
Artemis!08699B5DAA39
5600.6537

Reason Heuristics
Win32.Generic
15.12.28.19

File size:
1.1 MB (1,164,408 bytes)

Product version:
5.1.2

Copyright:
Copyright © MP3Rocket

Original file name:
ZiggyTVSetup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ziggytv.exe

Digital Signature
Signed by:
SCCE Development Inc

Authority:
COMODO CA Limited

Valid from:
11/1/2015 6:00:00 PM

Valid to:
11/1/2016 6:59:59 PM

Subject:
CN=SCCE Development Inc, O=SCCE Development Inc, STREET=3051 W Maple Loop Ste 201, L=Lehi, S=Utah, PostalCode=84043, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00EE6BCFEEB3DE758C0292441353CB7413

File PE Metadata
Compilation timestamp:
12/4/2015 11:25:27 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:hObSOnpTGzXlc4hrT73E20f7GoGm8OphcaA7:uXNGXCeT73Ls3GQvW

Entry address:
0x57574

Entry point:
E8, 75, 98, 00, 00, E9, 79, FE, FF, FF, CC, CC, 68, 50, 71, 45, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, B8, A2, 49, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 6A, 0C, 68, 10, 1A, 49, 00, E8, 9B, FF, FF, FF, 6A, 0E, E8, BC, 22, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08...
 
[+]

Entropy:
7.2854

Code size:
500 KB (512,000 bytes)

The file ziggytv.exe has been seen being distributed by the following URL.

http://www.ziggytv.com/.../ziggytv.exe

Remove ziggytv.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.