home

ziperfly.exe

Useful Software

This is the Verti bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application ziperfly.exe by Useful Software has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the Verti Setup installer. The file has been seen being downloaded from i.greatappsfree.com and multiple other hosts.
Publisher:
Useful Software  (signed and verified)

Version:
1.0.0.6

MD5:
d2dd96191575af05f2abb69b014c9d4a

SHA-1:
0b5dd18eae3144b0e1ccbbc6ab8cac9165b56294

SHA-256:
f183a95204573cf1c7ba981a14f00dfa4558b09746657965a1e7ea7040e20964

Scanner detections:
6 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/26/2024 9:34:59 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Usefus
2015.0.3410

Dr.Web
Adware.Downware.4150
9.0.1.0198

ESET NOD32
Win32/Verti (variant)
8.9864

McAfee
Artemis!D2DD96191575
5600.7066

Reason Heuristics
PUP.UsefulSoftware.I
14.7.17.15

VIPRE Antivirus
Rocketfuel Installer
29728

File size:
341 KB (349,136 bytes)

Product version:
1.0.0.6

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Verti Setup

Language:
English (United States)

Common path:
C:\users\{user}\downloads\ziperfly.exe

Digital Signature
Signed by:
Useful Software

Authority:
VeriSign, Inc.

Valid from:
1/13/2014 6:00:00 PM

Valid to:
12/16/2014 5:59:59 PM

Subject:
CN=Useful Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Useful Software, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7DB9B4E338BDCF4F909F675C098B0E76

File PE Metadata
Compilation timestamp:
5/22/2014 1:54:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:MCilri4EyDkgx5Hf2+LXqruUG081E7LUzZAK/CqoA5p6v2qAPzBoL/xsTkKFW4xD:wrzXqruUGf2nUzZA+CqoA5p6v2qAPzBV

Entry address:
0x21F35

Entry point:
E8, 86, A5, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 38, AB, 44, 00, E8, 55, 2C, 00, 00, 6A, 0E, E8, C6, 9E, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 14, F7, 44, 00, BA, 10, F7, 44, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, A7, B4, FF, FF, 59, FF, 76, 04, E8, 9E, B4, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 44, 2C, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 92, 9D, 00, 00, 59, C3, CC, 8B, 54, 24, 04, 8B...
 
[+]

Entropy:
6.5011

Code size:
211 KB (216,064 bytes)

The file ziperfly.exe has been seen being distributed by the following 2 URLs.

http://i.greatappsfree.com/stub/.../ZiperFly.exe

http://inst.greatappsfree.com/dl/362/21534/5822/.../

Remove ziperfly.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.