bitzipper2015trialsetupes.exe

BitZipper

Bitberry Software ApS

The application bitzipper2015trialsetupes.exe, “Comprima y Descomprima archivos ZIP, RAR, 7Z ...” by Bitberry Software ApS, has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program uses the InstallCore monetization download manager to download additional third-party applications that may be unwanted by the user. The file has been seen being downloaded from bitberry.cachefly.net and multiple other hosts.
Publisher:
Bitberry Software   (signed by Bitberry Software ApS)

Product:
BitZipper

Description:
Comprima y Descomprima archivos ZIP, RAR, 7Z ...

Version:
2015.14.12.3

MD5:
2c5e852eb42b7b283704b3cc1cbee4af

SHA-1:
14ddeca724dbe835506df6afd1d21ace984cadd0

SHA-256:
c1295b1ce625eb1f911f8aa7cba2c20d3acb96056c90f949ed4764878920e8b2

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 8:31:39 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Dr.Web | Adware.Downware.8536 | 9.0.1.044 |
| ESET NOD32 | Win32/FileTypeAssistant.A potentially unwanted (variant) | 9.11167 |
| Fortinet FortiGate | Riskware/FileTypeAssistant | 2/13/2015 |
| K7 AntiVirus | Trojan | 13.194.14945 |
| McAfee | Artemis!2C5E852EB42B | 5600.6856 |
| Reason Heuristics | PUP.Optional.Installer | 15.2.13.7 |
| Trend Micro House Call | Suspicious_GEN.F47V1203 | 7.2.44 |
| VIPRE Antivirus | Trojan.Win32.Generic | 37492 |

File size:
5.7 MB (5,985,552 bytes)

Product version:
2015.14.12.3

Copyright:
Copyright © 1999-2014 Bitberry Software

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\bitzipper2015trialsetupes.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/19/2013 8:00:00 PM

Valid to:
11/18/2016 7:59:59 PM

Subject:
CN=Bitberry Software ApS, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Bitberry Software ApS, L=Holbæk, S=Alberta, C=DK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
23118AB330BEB5704ADCCE30BBB04D23

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:tZ+OyWZCUdGY4BlRz/WveVH2FnUlsxKI8ec4ZDjARtuKWig4eXVvFSgEUIHmSIjs:fOUdGY4PkeVHbeKtec4ZDjEkS+3SpSCX

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file bitzipper2015trialsetupes.exe has been seen being distributed by the following 2 URLs.
