zipper.exe

Sambamedia SL

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application zipper.exe by Sambamedia SL has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from kyle.mxbox600.com.
Publisher:
Sambamedia SL  (signed and verified)

MD5:
0f340299c4f0dc5ca38c01733e45e99c

SHA-1:
e8a4bb9751cca6cf541f7a386ee84e70d280fd77

SHA-256:
61492e5c91d32c89767c9b212a5b95a70380d17a64ee66dc70408af27082e794

Scanner detections:
22 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 3:07:35 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Strictor.62516 | 884 |
| Agnitum Outpost | PUA.Agent | 7.1.1 |
| Avira AntiVirus | Adware/Agent.djcr.7 | 7.11.170.204 |
| avast! | Win32:SoftPulse-W [PUP] | 140813-1 |
| AVG | Win.Threat.High | 2014.0.4015 |
| Bitdefender | Gen:Variant.Adware.Strictor.62516 | 1.0.20.1235 |
| Comodo Security | Application.Win32.SoftPulse.J | 19413 |
| Dr.Web | Trojan.Packed.28579 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.62516 | 9.0.0.4324 |
| ESET NOD32 | Win32/SoftPulse.J potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-0b77e0af | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Strictor.62516 | 11.2014-04-09_5 |
| G Data | Gen:Variant.Adware.Strictor.62516 | 14.9.24 |
| K7 AntiVirus | Unwanted-Program | 13.183.13257 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.09.04.02 |
| MicroWorld eScan | Gen:Variant.Adware.Strictor.62516 | 15.0.0.741 |
| NANO AntiVirus | Riskware.Win32.Agent.deikti | 0.28.2.61942 |
| Norman | Malware | 11.20140904 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.04.02 |
| Reason Heuristics | PUP.SambamediaSL.G | 14.9.3.8 |
| VIPRE Antivirus | Threat.4783235 | 32210 |
| Zillya! Antivirus | Adware.Agent.Win32.11842 | 2.0.0.1911 |

File size:
1.1 MB (1,124,928 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\zipper.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/28/2014 1:00:00 AM

Valid to:
4/29/2015 12:59:59 AM

Subject:
CN=Sambamedia SL, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sambamedia SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0CC1DC4BFF437A219B57FD821A92EE57

File PE Metadata
Compilation timestamp:
8/27/2014 10:42:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:C8AlyjmO3oR7djqvyJcFflhpormMM3kRU/l5LymAoPb:wyqQ8jey6lMM3kR256Q

Entry address:
0x6100

Entry point:
E8, 5F, 20, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 10, 20, 41, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, B4, 10, 41, 00, C9, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, 4D, F0, 33, CD, E8, 38...
 

Code size:
63 KB (64,512 bytes)

The file zipper.exe has been seen being distributed by the following URL.
