home

ZippyZarp.FirstRun.exe

FirstRun

Zippy Zarp

The Yontoo branded FirstRun executable is distributed as part of a Yontoo product bundle and is desigend to install components of this ad-supported (injection) program as well as 'call home' to inform the server that the extension was installed and may request additional instructions. The application ZippyZarp.FirstRun.exe by Zippy Zarp has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Zippy Zarp  (signed and verified)

Product:
FirstRun

Version:
1.0.0.0

MD5:
f00c44a04587135fc174dd488ffd6e2b

SHA-1:
1459009b7c99b2d075cbd9ee528afad838dbc6e5

SHA-256:
b604a6dcede845219c60acc3cd8bd20c0e7104c40ef6be9dd061c58c1feb7f19

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/26/2024 7:01:40 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yontoo (M)
17.1.29.20

File size:
1.1 MB (1,122,592 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
ZippyZarp.FirstRun.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\zippy zarp\zippyzarp.firstrun.exe

Digital Signature
Signed by:
Zippy Zarp

Authority:
VeriSign, Inc.

Valid from:
11/27/2013 7:00:00 AM

Valid to:
11/28/2014 6:59:59 AM

Subject:
CN=Zippy Zarp, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Zippy Zarp, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1ADD2A8F1E9EFBECF78EBF3B3C82B38E

File PE Metadata
Compilation timestamp:
4/16/2014 11:20:03 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x111CA6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9253

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,113,600 bytes)

Remove ZippyZarp.FirstRun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.