zisafffi.exe

LTD SEVEN TRANS GROUP

This is the Bundlore download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file zisafffi.exe by LTD SEVEN TRANS GROUP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Bundlore Downloader installer. It is also typically executed from the user's temporary directory.
Publisher:
LTD SEVEN TRANS GROUP  (signed and verified)

Version:
1.0.0.0

MD5:
72b92059176fe47dabd749ea63361392

SHA-1:
a2f0882974c40db5b32eb9d27bf048c3853426e1

SHA-256:
223a30d99d9240f08720b318ea23e324431e8dd5e848e6b260449a26d6b3c063

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
10/31/2024 10:45:01 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Bundlore (M)
16.8.8.11

File size:
2.8 MB (2,938,696 bytes)

Product version:
1.0.0.0

Bundler/Installer:
Bundlore Downloader

Common path:
C:\users\{user}\appdata\local\temp\zisafffi.exe.part

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/20/2015 6:00:00 AM

Valid to:
1/21/2016 5:59:59 AM

Subject:
CN=LTD SEVEN TRANS GROUP, O=LTD SEVEN TRANS GROUP, L=Kyiv, S=Ukraine, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
2CF924F28095188D9B7879AAFFF49BBC

File PE Metadata
Compilation timestamp:
6/20/1992 4:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:/YybeNYjnVToOVLHkQsctwAt1JaWW3tYTY2TEJWJybtuo+Yz0eXsZ6yL1cdvp:gybeqb5F5twAtyhYk2GWJyhuo+YzvJHH

Entry address:
0x7864F0

Entry point:
60, BE, 00, B0, 97, 00, 8D, BE, 00, 60, A8, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
2 MB (2,146,304 bytes)

Remove zisafffi.exe - Powered by Reason Core Security