home

zipper.exe

Sambamedia SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application zipper.exe by Sambamedia SL has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Sambamedia SL  (signed and verified)

MD5:
d15b3bea2de28ebde50b64a5a2ec6f5f

SHA-1:
18e1c4f02b88311c783253222fc3d74d80416e39

SHA-256:
647130b21bd7d609870667ea9fc7abc809e32e3ac643ba768466075746eabf64

Scanner detections:
23 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 8:56:30 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.62516
885

Agnitum Outpost
PUA.Agent
7.1.1

Avira AntiVirus
Adware/Agent.djcr.4
7.11.170.170

avast!
Win32:SoftPulse-Z [PUP]
140813-1

AVG
Found Win32/DH{gRJ UIEHeVRPFVGBFYEJHFOBE0GBDw}
2014.0.4015

Bitdefender
Gen:Variant.Adware.Strictor.62516
1.0.20.1230

Comodo Security
Application.Win32.CrossRider.JSTE
19408

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.62516
9.0.0.4324

ESET NOD32
Win32/SoftPulse.J potentially unwanted application
7.0.302.0

F-Prot
W32/A-81bc875a
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Strictor.62516
11.2014-03-09_4

G Data
Gen:Variant.Adware.Strictor.62516
14.9.24

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13257

Malwarebytes
PUP.Optional.DomaIQ
v2014.09.03.11

MicroWorld eScan
Gen:Variant.Adware.Strictor.62516
15.0.0.738

NANO AntiVirus
Riskware.Win32.Agent.deexje
0.28.2.61942

Norman
Malware
11.20140903

nProtect
Trojan-Clicker/W32.Agent.1120296
14.09.03.01

Panda Antivirus
Trj/Genetic.gen
14.09.03.11

Reason Heuristics
PUP.SambamediaSL.G
14.9.3.8

VIPRE Antivirus
Threat.4150696
32210

Zillya! Antivirus
Adware.Agent.Win32.11710
2.0.0.1911

File size:
1.1 MB (1,120,296 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\zipper.exe

Digital Signature
Signed by:
Sambamedia SL

Authority:
VeriSign, Inc.

Valid from:
4/28/2014 1:00:00 AM

Valid to:
4/29/2015 12:59:59 AM

Subject:
CN=Sambamedia SL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sambamedia SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0CC1DC4BFF437A219B57FD821A92EE57

File PE Metadata
Compilation timestamp:
8/26/2014 8:34:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:TjmOztIjpVbUJ44R/DDK2s5mNZRzOUCrA/N3r3:TqAtI704g/D3Tm03z

Entry address:
0x4E06

Entry point:
E8, 29, 26, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, 96, 41, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 80, 41, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 14, 96, 41, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 
[+]

Code size:
60 KB (61,440 bytes)

Remove zipper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.