zq3bzz7ss3.exe

The executable zq3bzz7ss3.exe has been detected as malware by 4 anti-virus scanners. It is a setup program used to install an application. The file is typically installed with the program SafeFinder by Linkury, which is a potentially unwanted software program. The file has been seen being downloaded from lightfresh-91b3b.netdna-ssl.com. While running, it connects to the Internet address hans-moleman.w3.org on port 80 using the HTTP protocol.
MD5:
97336d3dd1b6bce8320869670a200a5c

SHA-1:
39608cbc81382f042b07480ffa5756588688ee3d

SHA-256:
c1abacad4ca52493dbd988353a9216ecdf395096129b4ddb04f5f4ed9039889f

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
4/19/2024 2:56:31 PM UTC

Scan engine | Detection | Engine version
Emsisoft Anti-Malware | Gen:Variant.Graftor.270706 | 11.5.0.6191
ESET NOD32 | Win32/TrojanDropper.Addrop.AH trojan | 8.0.319.0
F-Secure | Variant.Midie.9477 | 5.15.96
Norman | Gen:Variant.Midie.9477 | 02.04.2016 17:35:19

File size:
812.5 KB (832,000 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\zq3bzz7ss3.exe

File PE Metadata
Compilation timestamp:
5/5/2016 6:04:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:Tvkq/2vC4JMy2BjUOmZQeqBza1l7r9FWoDQTZ9y4zyg2NdrX:TcqUCOMjyOm+5zylLWjZdyg2vrX

Entry address:
0x790C

Entry point:
E8, 64, 3C, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 5C, 60, 41, 00, 6A, 01, A3, 04, 78, 44, 00, E8, 54, 41, 00, 00, FF, 75, 08, E8, E9, 40, 00, 00, 83, 3D, 04, 78, 44, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 3A, 41, 00, 00, 59, 68, 09, 04, 00, C0, E8, B7, 40, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, F3, C4, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, E8, 75, 44, 00, 89, 0D, E4, 75, 44, 00, 89, 15, E0, 75, 44, 00, 89, 1D, DC, 75, 44, 00, 89, 35, D8, 75, 44, 00, 89, 3D, D4...
 

Entropy:
7.7140  (probably packed)

Code size:
82 KB (83,968 bytes)

The file zq3bzz7ss3.exe has been discovered within the following program.

SafeFinder by Linkury
SafeFinder is a malware program/PUP. This potentially unwanted program is malicious and intrusive; it manages to sneak its way onto your computer and causes a number of issues that affect performance and privacy.
87% remove it
 

The file zq3bzz7ss3.exe has been seen being distributed by the following URL.

https://lightfresh-91b3b.netdna-ssl.com/apdata/installers/.../linker.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to hans-moleman.w3.org  (128.30.52.100:80)
