home

h1z1 cd key generator downloader__3687_i1916043593_il158346.exe

Vega Stp

GCM

The application h1z1 cd key generator downloader__3687_i1916043593_il158346.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from www.markersoffredefy.site.
Publisher:
GCM

Product:
Vega Stp

Description:
tiny install

Version:
253.199.187.252

MD5:
c64973292f8955b56dee73c448276015

SHA-1:
b8435dc6385e2a7a0054ce643bcd23e244a0ae37

SHA-256:
a30a87c0d88619e8d6cf9f8b3cb1bf3b489a469e6d31141ceae01ea087a79322

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
6/29/2025 11:51:03 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Bundler (M)
16.5.6.9

File size:
1.4 MB (1,444,864 bytes)

Product version:
253.199.187.252

Copyright:
Copyright 2015

Trademarks:
Pepcyc

Original file name:
sstup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\h1z1 cd key generator downloader__3687_i1916043593_il158346.exe

File PE Metadata
Compilation timestamp:
5/3/2016 6:57:32 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:+Q6gF6VpmFJfuHil/wQI+YAmRSxssg9VPtS//L5p:+QPEOuCyQI/AkSyBdtSH

Entry address:
0x68D7

Entry point:
E8, AF, 56, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, C0, F9, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, C0, F9, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, A0, 00, 00, 00, C7, 06, A8, F9, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 44, 00, 00, 00, C7, 06, A8, F9, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1...
 
[+]

Code size:
114.5 KB (117,248 bytes)

The file h1z1 cd key generator downloader__3687_i1916043593_il158346.exe has been seen being distributed by the following URL.

http://www.markersoffredefy.site/10_nod32_launcher.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.