home

zipper.exe

Sambamedia SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application zipper.exe by Sambamedia SL has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Sambamedia SL  (signed and verified)

MD5:
501887b6b3e91f335ba2fcdcabe1cc3b

SHA-1:
bd7f80ac0a6391d87d520c93bc3dac437d548cfe

SHA-256:
3bb46523f40935956a6fbcd8c89f4023194bffd939a51b9f87b3fa62234fc093

Scanner detections:
24 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 4:28:35 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.62516
884

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.09.04

Avira AntiVirus
Adware/CrossRider.px.4
7.11.170.194

avast!
Win32:SoftPulse-Z [PUP]
140813-1

AVG
Win.Threat.High
2014.0.4015

Bitdefender
Gen:Variant.Adware.Strictor.62516
1.0.20.1230

Comodo Security
Application.Win32.CrossRider.JSTE
19413

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.62516
9.0.0.4324

ESET NOD32
Win32/SoftPulse.J potentially unwanted application
7.0.302.0

F-Prot
W32/A-81bc875a
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Strictor.62516
11.2014-03-09_4

G Data
Gen:Variant.Adware.Strictor.62516
14.9.24

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13257

Malwarebytes
PUP.Optional.DomaIQ
v2014.09.03.07

MicroWorld eScan
Gen:Variant.Adware.Strictor.62516
15.0.0.738

NANO AntiVirus
Riskware.Win32.Agent.deexje
0.28.2.61942

Norman
Malware
11.20140903

nProtect
Trojan-Clicker/W32.Agent.1120296
14.09.03.01

Panda Antivirus
Trj/Genetic.gen
14.09.03.07

Reason Heuristics
PUP.SambamediaSL.G
14.9.3.8

VIPRE Antivirus
Threat.4783235
32210

Zillya! Antivirus
Adware.Agent.Win32.11710
2.0.0.1911

File size:
1.1 MB (1,120,296 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\zipper.exe

Digital Signature
Signed by:
Sambamedia SL

Authority:
VeriSign, Inc.

Valid from:
4/28/2014 1:00:00 AM

Valid to:
4/29/2015 12:59:59 AM

Subject:
CN=Sambamedia SL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sambamedia SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0CC1DC4BFF437A219B57FD821A92EE57

File PE Metadata
Compilation timestamp:
8/25/2014 11:19:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:EjmOYKa/TY9ZPFXntEi+m/ZWOLB28TS3985qEeP02wX:EqvkHZt7+mBWABf202w

Entry address:
0x4E06

Entry point:
E8, 29, 26, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, 96, 41, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 80, 41, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 14, 96, 41, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 
[+]

Code size:
60 KB (61,440 bytes)

Remove zipper.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.